OpenVPN CSO what happened to custom_options

[giversen]

Hi
After the upgrade to 23.7 I lost the setting for Client Specific overrides Custom options. I have until now used that option to set the IP nr for each OpenVPN client. How can I do the same in 23.7?
/J

[franco]

Hi,

Custom options were removed during the MVC/API conversion of CSO as part of our ongoing effort to secure the code.

What was the directive you used? If it makes sense it will be added to the GUI instead.


Cheers,
Franco

[giversen]

Hi,
I was issuing a "ifconfig-push 192.168.yyy.xxx 255.255.255.0" to a specific client. It has been working very well in  the 23.1.11 and previous versions.
/J

[franco]

"IPv4 Tunnel Network" setting will do this for you actually. Can you try?


Cheers,
Franco

[giversen]

  Thanks for the hint, yes that works just fine.
/J

[tnode]

Hi,

I was also using the advanced options in the legacy CSO page, can you please let me know how to use the following options in the modern CSO page:

iroute xx.xx.xx.0 255.255.255.0
push "client-nat snat yy.yy.yy.0 255.255.255.0 xx.xx.xx.0"

Cheers,
tnode

[franco]

Hi tnode,

iroute(-ipv6) is set by "Remote Network".

For the push I'm not sure how to integrate but I think we will have to deal with it. A feature ticket would be helpful to properly track this and set the scope as there are multiple push options.


Thanks,
Franco

[tnode]

Thanks Franco,

Keeping the free form text entry for appending to the config/cso was a nice catch all, is this still possible with the mvc redesign as an interim solution?

Cheers,
tnode

[franco]

As per our policy we would like to get rid of these fields since they cannot be controlled and use cases disappear into the shadows where people smart enough to pull it of get it done, but everyone else not so much.

https://github.com/opnsense/core/issues/new?assignees=&labels=&projects=&template=feature_request.md&title=

I'm sure we can figure something out that is solid moving forward.


Cheers,
Franco

[muchacha_grande]

Franco, I'm using three custom (advanced) options: 'fragment 1250', 'mssfix 1250' and 'tun-mtu 1500'.
These options are for mobile clients to work better through 3G/4G networks.
Can these options be added in some way?

[franco]

I've made a ticket for these small updates https://github.com/opnsense/core/issues/6703 but for the "push" thing we need to discuss first with the submitter and interested parties because validation will be a bit difficult.


Cheers,
Franco

[muchacha_grande]

Thank you Franco

[broesel68]

Hello franco,

we too had to set some custom options for OpenVPN and problems with mobile networks (3G/4G), although at some other places.
At OpenVPN->Server->Advanced Options->Advanced we had to set

sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"

in order to get rid of our vpn problems in our countries mobile network.

Since these "custom settings" are also deprecated and will go away (or already have gone since we are not on the latest opnsense version), can you tell me where to set them in future version of OpnSense Firewall.

Kind regards.
Robert

[franco]

Hi Robert,

I'll add this to the mentioned ticket.

Still a bit tied up with 23.7 upgrade handling, but should be available in 23.7.2.


Cheers,
Franco

[PIv0]

Thanks for the hint, yes that works just fine.
/J

Hello!

If I put in the field "tunnel network IPv4" IP

192.168.56.12/32

Then it will work, the VPN client will be assigned a static address 192.168.56.12 and it will work fine?