Netgate Discussion Forum

    automatically start openvpn server when my phone is not on home wifi project writeup

    • Cloudless Smart Home

      After getting my OpenVPN working a couple of days ago, I thought it would be clever to only turn on the server when I am away, and of course turn it off if I am home, and have it do it automatically. I mean, pfSense certainly should know whether I am home or not, right? So after studying the PHP shell docs, and never having written any PHP or any code other than a little HTML and YAML, I used ChatGPT to help me write a PHP script, and wanted to share what I've done to give back a little something to the community that has helped me so generously.

      I don't know if this is safe or if it will break your machine, so use it at your own risk.

      One of the great answers I got yesterday to one of the many questions I have posted here helped, so I will start there. You need to know the server id of your OpenVPN server. I only have one, so that is what the script addresses. At the shell prompt you type

      less /conf/config.xml | grep -B 1 -A 8 vpnid
      

      which will give you your openvpn server id and other useful info. we will need that in a minute.

      I made a file called openvpn-iphone.php and placed it in the directory I made in /usr/local/bin/

      /usr/local/bin/jeff/
      

      the script...

      <?php
      
      // Define a function to ping a device
      function ping($host) {
          // Execute the ping command and store the output and status in variables.
          // escapeshellarg() quotes the host so it always reaches ping as a single argument.
          $pingresult = exec("/sbin/ping -c 1 " . escapeshellarg($host), $outcome, $status);
          // Check the status of the ping command
          if (0 == $status) {
              // If the status is 0, the device is online
              return "online";
          } else {
              // If the status is not 0, the device is offline
              return "offline";
          }
      }
      
      // Define a function to start OpenVPN server
      function startVPN() {
          // Execute the command to start OpenVPN server
          // (the trailing 1 is the OpenVPN server id looked up in config.xml above)
          exec("pfSsh.php playback svc start openvpn server 1");
      }
      
      // Define a function to stop OpenVPN server
      function stopVPN() {
          // Execute the command to stop OpenVPN server (same server id as above)
          exec("pfSsh.php playback svc stop openvpn server 1");
      }
      
      // Define the static IP addresses of the devices to be pinged. This can be one IP address or many.
      $ip_addresses = array("192.168.1.10", "192.168.1.11");
      
      // Set a flag to keep track of the device statuses
      $all_devices_online = true;
      
      // Loop through each IP address and ping the device
      foreach ($ip_addresses as $ip_address) {
          // Get the status of the device
          $status = ping($ip_address);
          // Output the status of the device
          echo "The device with the IP address $ip_address is $status.\n";
          // Check if the device is offline
          if ($status == "offline") {
              // If the device is offline, set the flag to false
              $all_devices_online = false;
          }
      }
      
      // Check the flag to determine if all devices are online
      if ($all_devices_online) {
          // If all devices are online, stop the OpenVPN server
          stopVPN();
          echo "All devices are online. OpenVPN server stopped.\n";
      } else {
          // If one or more devices are offline, start the OpenVPN server
          startVPN();
          echo "One or more devices are offline. OpenVPN server started.\n";
      }
      
      ?>
      

      The script is run and tested from the shell with...

      /usr/local/bin/php /usr/local/bin/jeff/openvpn-iphone.php
      

      Screenshot 2023-02-01 at 9.49.01 PM.png

      Unfortunately, the Status / Services page does not update without refreshing the browser screen.

      Then I installed the cron package and added the schedule to run every minute while I tested and every 5 after I was convinced it was working as expected.

      Screenshot 2023-02-01 at 10.07.28 PM.png

      Then I installed the Shellcmd package and added the command to run at boot time. This really shouldn't be necessary if cron is running, but I am learning about how to do things in the process.

      Screenshot 2023-02-01 at 9.48.13 PM.png

      I am having way too much fun with pfSense, even after running it for many years, I can go back and build more and more super useful functionality into this powerful system. Please let me know if you found this useful, have any questions, or find that I did something wrong.
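
A variant of the script above that issues a service command only when the home/away state changes, and that waits for several consecutive missed pings before starting the server. This is an added example, not part of the original post; the state file path, the threshold of 3 and the `-t 2` ping timeout are assumptions.

```php
<?php
// Added example, not the poster's script. STATE_FILE and MISS_THRESHOLD are assumptions.
const STATE_FILE     = '/var/run/vpn-presence.json'; // hypothetical state file
const MISS_THRESHOLD = 3;   // consecutive "away" runs required before starting the VPN
const VPN_ID         = 1;   // server id found in /conf/config.xml, as in the post
$phones = ['192.168.1.10', '192.168.1.11'];          // sample addresses from the post

// True if the host answers one echo request. FreeBSD ping: -t is a timeout in seconds.
function is_online(string $ip): bool {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("not an IP address: $ip");
    }
    exec('/sbin/ping -c 1 -t 2 ' . escapeshellarg($ip), $out, $status);
    return $status === 0;
}

// Pure decision step. Returns [new state, action]; action is 'start', 'stop' or null.
function next_state(array $state, bool $all_home, int $threshold): array {
    $misses = $all_home ? 0 : $state['misses'] + 1;
    if ($all_home) {
        $want = 'stopped';
    } else {
        $want = $misses >= $threshold ? 'running' : $state['vpn'];
    }
    $action = null;
    if ($want !== $state['vpn']) {
        $action = $want === 'running' ? 'start' : 'stop';
    }
    return [['misses' => $misses, 'vpn' => $want], $action];
}

$state = ['misses' => 0, 'vpn' => 'unknown'];        // first run: no saved state yet
if (is_readable(STATE_FILE)) {
    $saved = json_decode(file_get_contents(STATE_FILE), true);
    if (is_array($saved) && isset($saved['misses'], $saved['vpn'])) {
        $state = $saved;
    }
}
$all_home = true;
foreach ($phones as $ip) {
    $all_home = is_online($ip) && $all_home;         // ping every device, as the post does
}
[$state, $action] = next_state($state, $all_home, MISS_THRESHOLD);
if ($action !== null) {                              // only touch the service on a change
    exec("pfSsh.php playback svc $action openvpn server " . VPN_ID, $out, $rc);
    syslog(LOG_NOTICE, "vpn-presence: $action openvpn server " . VPN_ID . ", exit $rc");
}
file_put_contents(STATE_FILE, json_encode($state), LOCK_EX);
```

Each start or stop is written to the system log, so the times the server was exposed can be reviewed afterwards.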

        • keyser Rebel Alliance @Cloudless Smart Home

          @cloudless-smart-home Funny little project :-)

          It’s always useful to learn about tech by testing various ideas like that. However, the security gains by disabling the service are not really there as it will be available in large parts of the day. Also: it will cost slightly more battery on your phone because it wakes the wifi every minute when you are home.

          I think your next project should be pfBlockerNG and retrieving the AS number of your cell service provider. That way you can create a rule so only IPs belonging to your provider are able to reach the OpenVPN server. That will have a MUCH more relevant impact on security than turning it on and off.

          Love the no fuss of using the official appliances :-)
