Feature #9085
OpenVPN connect/disconnect scripts
Description
I'm running pfSense 2.4.4 and the Windows OpenVPN 2.4.6 client.
I was trying to get the OpenVPN server to log useful connect and (more importantly) disconnect data by creating two shell scripts.
(I'm no scripting expert and /usr/local/www was just somewhere to put these for testing).
ovpn-connect.sh:
#!/bin/sh
# Log the connect event to syslog under the "openvpn" tag.
logger -4 -t openvpn "User '${common_name}' at ${trusted_ip} authenticated. Tunnel IP ${ifconfig_local} opened."
exit 0
and ovpn-disconnect.sh
#!/bin/sh
# Log the disconnect event with session duration and byte counters.
logger -4 -t openvpn "User '${common_name}' at ${trusted_ip} disconnected. Tunnel IP ${ifconfig_local} closed. Session duration(s):${time_duration}. Server bytes sent/rcvd: ${bytes_sent}/${bytes_received}"
exit 0
I added the following to VPN>OpenVPN>Servers>Advanced Configuration>Custom options.
script-security 2;client-connect /usr/local/www/ovpn-connect.sh;client-disconnect /usr/local/www/ovpn-disconnect.sh;
All works as I hoped but, when starting the OpenVPN server, I noticed these error messages:
Multiple --client-disconnect scripts defined. The previously configured script is overridden
Multiple --client-connect scripts defined. The previously configured script is overridden
These errors don't seem to have any impact on connection or disconnection, but I went looking to find the generated OpenVPN server config file - /var/etc/openvpn/server1.config
The two lines being overridden by my scripts are:
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
However, I also noticed that the exported client config file doesn't contain "explicit-exit-notify".
I believe that without that option, a client-disconnect script won't be called.
a. To ensure execution of the default disconnect script, should "explicit-exit-notify" be added as a default config entry for exported clients?
b. Could the expanded connect and disconnect information be added as a default for logging?
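The two logging scripts above combined into a single hook, as an added example that is not the reporter's script or pfSense's own code: it dispatches on OpenVPN's script_type variable, filters the values before they reach syslog, and tolerates variables that are unset. The function names clean and ovpn_event_message are hypothetical, and it is assumed that both client-connect and client-disconnect point at this one file, installed root-owned outside the web root.

```shell
#!/bin/sh
# Added example (not the reporter's or pfSense's script): one hook for both
# client-connect and client-disconnect, dispatching on OpenVPN's script_type.

# Keep only characters expected in a CN, IP address or counter, so a value
# cannot carry newlines or control characters into syslog.
clean() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@/-'
}

# Build the log line from the environment variables used in the report.
# Unset variables become "unknown" instead of producing a blank field.
ovpn_event_message() {
    ev_cn=$(clean "${common_name:-unknown}")
    ev_ip=$(clean "${trusted_ip:-unknown}")
    ev_tun=$(clean "${ifconfig_local:-unknown}")
    case "${script_type:-}" in
        client-connect)
            printf "User '%s' at %s authenticated. Tunnel IP %s opened." \
                "$ev_cn" "$ev_ip" "$ev_tun" ;;
        client-disconnect)
            printf "User '%s' at %s disconnected. Tunnel IP %s closed. Session duration(s):%s. Server bytes sent/rcvd: %s/%s" \
                "$ev_cn" "$ev_ip" "$ev_tun" \
                "$(clean "${time_duration:-unknown}")" \
                "$(clean "${bytes_sent:-unknown}")" \
                "$(clean "${bytes_received:-unknown}")" ;;
        *)
            return 1 ;;
    esac
}

# OpenVPN sets script_type before running a hook. Always exit 0 here:
# a non-zero exit from client-connect makes the server reject the client.
if [ -n "${script_type:-}" ]; then
    if ev_msg=$(ovpn_event_message); then
        logger -t openvpn "$ev_msg"
    fi
    exit 0
fi
```

As the overridden lines in the generated server config show, pointing client-connect and client-disconnect at a custom script replaces the default /usr/local/sbin/openvpn.attributes.sh hook rather than running alongside it.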