OpenVPN: Setting advanced options

micmeyer · November 08, 2020, 11:35:56 AM

I have two questions concerning running an OpenVPN server.

1. What is the recommended way to set advanced options of an OpenVPN server?

I saw the ,,Advanced" field in VPN –> OpenVPN -> Servers section but the description states that this field will be removed:
This option will be removed in the future due to being insecure by nature. In the mean time only full administrators are allowed to change this setting.

2. Can I connect to the shell and see the complete configuration file somewhere? (I would like to double check that all the options are set as expected)

bartjsmit · November 08, 2020, 02:47:12 PM

Quote from: micmeyer on November 08, 2020, 11:35:56 AM
Can I connect to the shell and see the complete configuration file somewhere?

Have a look in /var/etc/openvpn/ for the conf file for your server.

What changes are you looking to add?

Bart...

micmeyer · November 08, 2020, 06:17:34 PM

@bartjsmit Thanks for pointing me in the right direction. I found the configuration file in the folder.

I want to set the following options:
user nobody
group nogroup
tls-version-min 1.2

(I didn't see any fields in the ui to configure this)

bartjsmit · November 09, 2020, 07:48:45 AM

Cool 8), remember that the OPNsense config files are liable to be overwritten when you update

Bart...

OpenVPN: Setting advanced options

micmeyer

November 08, 2020, 11:35:56 AM

bartjsmit

November 08, 2020, 02:47:12 PM #1

micmeyer

November 08, 2020, 06:17:34 PM #2

bartjsmit

November 09, 2020, 07:48:45 AM #3