Feature #10633
closedAdd one a new "Server Mode" to the OpenVPN server configuration page or add the missing settings to an existing mode.
0%
Description
"Server Mode" is a pfSense invention that determines what settings to expose in the GUI. The issue we're currently having is that there is no mode that allows for all of the following simultaneously:
- TLS + User authentication
- Pushing additional DNS settings to clients
- Routing traffic to client IP networks
This is because no "Peer to Peer" mode exposes the "Advanced Client Settings" or allows for user auth, while no "Remote Access" mode exposes the "IPvX Remote Network(s)" settings block.
Here are some possible options to address this:
1. Add the "IPv4 Remote Network(s)" and "IPv6 Remote Netowrk(s)" settings to all of the existing "Remote Access" mode pages. This is probably the simplest fix that directly addresses this particular problem, but it doesn't handle potential future issues that may arise from these arbitrarily defined "server modes."
2. Create a new "Peer to Peer" mode that allows for "user auth" authentication and also exposes the "Advanced Client Settings" configuration block that is available in the "Remote Access" modes. More to change here, and a new mode further muddying the issue make this a less desirable option.
3. Create a new mode that is neither "Remote Access" or "Peer to Peer" but is simply "Advanced" or "Native" or some other word that exposes all of the various OpenVPN server knobs available. This is the most desirable option since it is future proof and has no arbitrary restrictions placed on how a server can be configured, but it also is likely the most work to implement.