Project

General

Profile

Feature #7449

feature request for openvpn-client-export package, add the support for openvpn up and down script, for mapping network drive

Added by Geco-it Staff over 2 years ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN Client Export
Target version:
-
Start date:
04/05/2017
Due date:
% Done:

0%

Estimated time:

Description

Hi,

hope i write this to the right place. Someone on the IRC suggested me to post my idea here.

Here is the official documentation of openvpn-gui :

Run Connect/Disconnect/Preconnect Scripts

====> There are three different scripts that OpenVPN GUI can execute to help with different tasks like mapping network drives.

Preconnect If a file named "xxx_pre.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed BEFORE the OpenVPN tunnel is established.
Connect If a file named "xxx_up.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed AFTER the OpenVPN tunnel is established.
Disconnect If a file named "xxx_down.bat" exist in the config folder
where xxx is the same as your OpenVPN config file name, this will be executed BEFORE the OpenVPN tunnel is closed. <====

As pfsense can create a executable installer with the GUI, the config and the cert/key file, the idea is the add the possibility to bundle up and down script in the installer provided by pfsense.

I did a small piece of code, in php, first time writing in php for me, sorry... Wich read the content from some template file and write it to a file, with the same name as config, like explained up here.

php_patch.txt

the two file are then bundled with the config and certs.

I also modified the openvpn-postinstall.exe so it will copy the new file, i just added this to the NSI and recompiled the thing :

"

DetailPrint "Installing network drive scripts"
${Locate} ".\config" "/L=F /M=*.bat" "CopyConfFile"
${Locate} ".\config" "/L=F /M=*.vbs" "CopyConfFile"
"

I also have this little vbs script that is used to wait some second before trying to map a drive for exemple. I copy it along with the script and the config / certs files.

sleep.txt

Now the openvpn client automaticatly run the scripts on connect and disconnect to map the drives.

I think this is a really USEFULL feature for pfsense !

Maybe we can add two text form to the openvopn-client-export page, then it will be possible to past in the form the content of the up_script and down_script.

If the form are empty, there is no script to copy.

And i think the sleep.vbs script has to be bundled with the script cause everyone that map a drive will be using this...

Sorry for my bad, i am not a dev, hope it will help !

sleep.txt (2.11 KB) sleep.txt Geco-it Staff, 04/05/2017 10:15 AM
php_patch.txt (794 Bytes) php_patch.txt Geco-it Staff, 04/05/2017 10:15 AM

History

#1 Updated by robi robi over 2 years ago

+1 for this!!

We also use connect scripts which we need to add manually after installing the client, would be so nice if OpenVPN Client Export would offer 3 textbox where we could just simply paste the contents of the scripts. (one texbox for each: Connect/Disconnect/Preconnect)
- Put a radio button above each box, so that the user could let the system know that this is a .bat or a .vbs script (echo the contents of the textbox to the appropriate extension filename)
- Put a checkbox above each box to temporarily enable or disable generation of these files, for example if you want to generate a client without any of these, untick the checkbox and download the client.
- naturally, the contents of these texboxes should be saved for future use.

Thank you.

#2 Updated by Pippin MMD over 1 year ago

This seems like not so good idea to me.
One could setup a "Free VPN service" and execute scripts on clients.....

#3 Updated by MIchael K 3 months ago

Pippin MMD wrote:

This seems like not so good idea to me.
One could setup a "Free VPN service" and execute scripts on clients.....

I'll disagree with this statement.

One could easily modify an OpenVPN Client Package to add a batch script, irrespective of what PFSense implements through it's interface. If you're installing a OpenVPN client package, you're connecting your computer to another network and some trust is implied. Ensuring comfort with the client package is up to the installer.

We use scripts to, for non-domain-joined machines (that would have it in a group-policy)

[profile]_up.bat

  if /I net "%USERDOMAIN%" == "mydomain" (
     if not exist M:\ (
         net use M: \\myserver\data
     )
  )

[profile]_down.bat

  if /I net "%USERDOMAIN%" == "mydomain" (
     if exist M:\ (
         net use M: /DELETE
     )
  )

Also available in: Atom PDF