Topic: Possibility to modify conf manually via shell
sepius (Newbie)
« on: April 04, 2020, 01:43:41 am »
Hi,
I recently switched to OPNsense, as another update from another..uhm..sense product killed my setup.
Sadly the OPNsense OpenVPN GUI is kind of.. deprecated.
No worries I thought and altered the /var/etc/openvpn/server[n].conf myself.
Restarted the daemon and had to realize that my newly altered conf was overwritten.
I am willing to alter server and client(export) conf myself, as it is a one-time setup. OpenVPN >2.4 has some nice features, e.g. tls-crypt instead of tls-auth since.. 2018? compress lz4 and others.
In theory: OPNsense does have the latest stable, so altering the conf should be without side effect.
How can I prevent the destruction of my manual changes?
fabian (Hero Member, OPNsense Contributor: Language, VPN, Proxy, etc.)
« Reply #1 on: April 04, 2020, 08:39:20 am »
You can use the custom options field if that works.
sepius (Newbie)
« Reply #2 on: April 04, 2020, 11:05:30 am »
Custom fields don't overwrite existing fields - they just add new ones.
If I, for example, set: "keepalive 30 180", it will be appended to the config, while the default value is still maintained some columns up - so I end up with this option two times in the conf.
Also tls-auth to tls-crypt won't work - it is one or the other.
Not being able to modify it manually is kind of counterproductive. I am willing to help myself, but I am held back.
I now would have to set up another OpenVPN server and integrate it into my network. Only because I can't change 3-4 columns.
I understand that the GUI should be aligned with the conf or vice versa, but an asterisk or another notification would be enough to notify.
Why and from where is the config overwritten? (So I can maybe use this to modify the params according to secure OpenVPN 2.4 settings of 2020 instead of being frozen in 2017)
As a user I want to make use of OpenVPN 2.4 settings, so I feel state-of-the-art protected and am not wasting my time setting up another host for a service I already have. This doesn't have to be done via the GUI, but if done by manual changes, these changes need to survive at least reboots.
Acceptance criteria:
- tls-crypt is used instead of tls-auth
- keep alive can be set to save mobile power
- compress lz4 can be used, to save data without being vulnerable to lzo compression attack vectors
Bonus criteria:
- NCP can be used to let the client choose the most power-friendly codec
Offer: I am willing to contribute to the OpenVPN GUI, but I don't know where to begin.
« Last Edit: April 04, 2020, 01:23:47 pm by sepius »
sepius (Newbie)
« Reply #3 on: April 08, 2020, 04:36:56 pm »
Interesting forum here. Besides some obvious "help", no further dialog. I really would like to like OPNsense - but you have to improve. At least if someone offers help, I would suggest giving him a start. But hey..
marjohn56 (Hero Member)
« Reply #4 on: April 08, 2020, 08:33:52 pm »
Start here...
https://github.com/opnsense/core
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud
franco (Administrator, Hero Member)
« Reply #5 on: April 09, 2020, 01:55:45 pm »
Hi there,
> How can I prevent the destruction of my manual changes?
Isn't this the wrong question considering both *sense share the same approach to config files?
On GitHub we can discuss the tls-crypt integration. So far it hasn't been the most pressing issue for the community. Some things are behind, some are more forward in general depending on where work is spent.
Ping me at https://github.com/opnsense/core/issues/2048
Cheers,
Franco
whiskerp (Newbie)
« Reply #6 on: January 21, 2021, 05:04:04 pm »
You can put your certificate between <tls-crypt> and </tls-crypt> tags in the Custom Configuration box.
Logged
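An added example (not from the thread or the OPNsense project): a shell check for the config problems described in replies #2 and #6, meant to be run against a generated server config before restarting the daemon. It flags directives that appear twice once custom options are appended, tls-auth alongside tls-crypt (including an inline <tls-crypt> block), and lzo compression; the list of single-use directives and the sample config are constructed assumptions.

```shell
#!/bin/sh
# Added example, not OPNsense code. Audits an OpenVPN server config for the
# issues raised in this thread. Prints findings; returns 1 if any were found.
audit_openvpn_conf() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }            # blank lines and comments
        $1 ~ /^<\//  { inblock = 0; next }          # end of an inline block
        $1 ~ /^</    { tag = $1; gsub(/[<>]/, "", tag)   # e.g. <tls-crypt>
                       seen[tag]++; inblock = 1; next }
        inblock      { next }                       # key material, not directives
        { seen[$1]++ }
        $1 == "comp-lzo" || ($1 == "compress" && $2 == "lzo") { lzo = 1 }
        END {
            # Directives this check expects once (an assumption of the example)
            n = split("keepalive tls-auth tls-crypt compress cipher", once, " ")
            for (i = 1; i <= n; i++)
                if (seen[once[i]] > 1) { print "DUPLICATE " once[i]; bad = 1 }
            # OpenVPN treats these two as mutually exclusive
            if (seen["tls-auth"] && seen["tls-crypt"]) {
                print "CONFLICT tls-auth tls-crypt"; bad = 1
            }
            if (lzo) { print "LEGACY-COMPRESSION lzo"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: GUI-generated lines, then appended custom options.
write_sample_conf() {
    cat > "$1" <<'EOF'
dev ovpns1
keepalive 10 60
tls-auth ta.key 0
comp-lzo adaptive
# custom options appended below
keepalive 30 180
<tls-crypt>
(constructed placeholder, not a real key)
</tls-crypt>
EOF
}

tmp=$(mktemp /tmp/ovpn-audit.XXXXXX)
write_sample_conf "$tmp"
audit_openvpn_conf "$tmp" || echo "findings listed above"
rm -f "$tmp"
```

On a real system the function would be pointed at the generated file, for example /var/etc/openvpn/server[n].conf with the instance number filled in.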