Feature #15846

open

Ability to set OpenVPN client service start type to Manual so the service state survives a reboot

Added by Jon Brown 4 days ago. Updated 4 days ago.

Status:

New

Priority:

Normal

Assignee:

Category:

OpenVPN

Target version:

Start date:

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Default

Description

Background / My Setup¶

My VPN provider allows me 10 connections.
I have 10 OpenVPN clients setup to use my VPN provider.
These clients are assigned to interfaces.
The interfaces are assigned to gateways.
The gateways are assigned into to 2 gateway groups (Scraping and Privacy)

The issue¶

When I disabled an OpenVPN client manually I want this client to stay disabled after a reboot.

I do not want to manually remove and re-add OpenVPN clients to get the desired effect because it took a lot of time to get these setup right.
I can manually disable any of the VPN clients using the pfSense GUI and they stay disabled as expected, however if I reboot my pfSense router then all of the VPN connections are brought backup.
This is an issue because if I now want to use a VPN connection using my VPN providers software on another device I have to make sure that I manually disable a connection in pfsense to free up a seat becasue I am limited to 10 connections
I don't always need all of the connections up all the time in pfSense so I manually disable them when I am not using them. this is also another reason for this feature request.

What I have tried¶

Shellcmd
- Problem with this is that these scripts do not always fire after the VPN connections are made so this method is not reliable
- If these commands run before the relevant VPN daemon is running they will have no effect.

VPN --> OpenVPN --> Clients --> Edit
- This method does not work because you cannot disable an OpenVPN client when it is assigned to an interface.
- For the Redmine searchers: Cannot disable an OpenVPN instance while the interface is assigned. Remove the interface assignment first.

Proposed solutions / ideas¶

Add ability to disable an OpenVPN client that is still attached to an interface
Fix the Shellcmd plugin so it can disable OpenVPN connections.
- perhaps add another option called After Boot and to go one further this option could have a delay timer on it just incase there are things that cannot be probed for such as OpenVPN connections.
Add an ability to set the OpenVPN client service start type to Manual so after a reboot the OpenVPN client service will not automatically restart

Related links¶

https://forum.netgate.com/topic/176435/disable-openvpn-clients-on-reboot
- This is my post on using Shellcmd
#13769 - Shellcmd Package - Add Copy Command
#13770 - Shellcmd package - Add Enable/Disable option
#14211 - OpenVPN Status page (Stop|Start|Restart) - Use Ajax instead of full page reload.
#13758 - OpenVPN service names inconsistent - Hard to get OpenVPN ID for CLi

Files

Download all files

clipboard-202411171116-rl79n.png (76.9 KB) clipboard-202411171116-rl79n.png		Jon Brown, 11/17/2024 11:16 AM
clipboard-202411171118-9dtnz.png (57.2 KB) clipboard-202411171118-9dtnz.png		Jon Brown, 11/17/2024 11:18 AM

Actions

Copy link

Updated by Jon Brown 4 days ago

pfSense Community Version

2.7.2-RELEASE (amd64)
built on Wed Dec 6 20:10:00 GMT 2023
FreeBSD 14.0-CURRENT

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense

Custom queries