OpenVPN CSO what happened to custom_options

Started by giversen, August 01, 2023, 07:02:49 PM

Hi
After the upgrade to 23.7 I lost the setting for Client Specific overrides Custom options. I have until now used that option to set the IP nr for each OpenVPN client. How can I do the same in 23.7?
/J

Hi,

Custom options were removed during the MVC/API conversion of CSO as part of our ongoing effort to secure the code.

What was the directive you used? If it makes sense it will be added to the GUI instead.


Cheers,
Franco

Hi,
I was issuing an "ifconfig-push 192.168.yyy.xxx 255.255.255.0" to a specific client. It has been working very well in the 23.1.11 and previous versions.
/J

"IPv4 Tunnel Network" setting will do this for you actually. Can you try?


Cheers,
Franco

:) Thanks for the hint, yes that works just fine.
/J

Hi,

I was also using the advanced options in the legacy CSO page, can you please let me know how to use the following options in the modern CSO page:

iroute xx.xx.xx.0 255.255.255.0
push "client-nat snat yy.yy.yy.0 255.255.255.0 xx.xx.xx.0"

Cheers,
tnode

Hi tnode,

iroute(-ipv6) is set by "Remote Network".

For the push I'm not sure how to integrate but I think we will have to deal with it. A feature ticket would be helpful to properly track this and set the scope as there are multiple push options.


Thanks,
Franco

Thanks Franco,

Keeping the free-form text entry for appending to the config/CSO was a nice catch-all. Is this still possible with the MVC redesign as an interim solution?

Cheers,
tnode

As per our policy we would like to get rid of these fields since they cannot be controlled and use cases disappear into the shadows where people smart enough to pull it off get it done, but everyone else not so much.

https://github.com/opnsense/core/issues/new?assignees=&labels=&projects=&template=feature_request.md&title=

I'm sure we can figure something out that is solid moving forward.


Cheers,
Franco

Franco, I'm using three custom (advanced) options: 'fragment 1250', 'mssfix 1250' and 'tun-mtu 1500'.
These options are for mobile clients to work better through 3G/4G networks.
Can these options be added in some way?

I've made a ticket for these small updates https://github.com/opnsense/core/issues/6703 but for the "push" thing we need to discuss first with the submitter and interested parties because validation will be a bit difficult.


Cheers,
Franco


Hello franco,

We too had to set some custom options for OpenVPN and problems with mobile networks (3G/4G), although at some other places.
At OpenVPN->Server->Advanced Options->Advanced we had to set

sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

in order to get rid of our VPN problems in our country's mobile network.

Since these "custom settings" are also deprecated and will go away (or already have gone since we are not on the latest OPNsense version), can you tell me where to set them in a future version of OPNsense Firewall?

Kind regards.
Robert



Hi Robert,

I'll add this to the mentioned ticket.

Still a bit tied up with 23.7 upgrade handling, but should be available in 23.7.2.


Cheers,
Franco

Quote from: giversen on August 02, 2023, 06:47:04 PM
:) Thanks for the hint, yes that works just fine.
/J

Hello!

If I put in the field "tunnel network IPv4" IP

192.168.56.12/32

Then it will work, the VPN client will be assigned a static address 192.168.56.12 and it will work fine?