disabling certain processes during reboot

davidstoll

I am running vpn over the top of my 2 wans. Is there a way to have it not auto run/connect when I reboot?

Gertjan

@davidstoll

VPN What ? Server ? Client ?

Quick and dirty, of the top of my head proposal :
Locate the system reboot script. Here it is : /etc/rc.reboot looks a this look fine candidate.

Next : checkout the pfSense xml config file.
You'll find the block where the VPN client is configured.
You'll need :

the name of the "Disabled" flag.

In the /etc/rc.boot file, load the config, set this flag, save the config - and go on with the reboot.
On boot, your VPN won't start as it has been set to "Disabled".

stephenw10

Yes more info needed here.

Do you want to have to manually connect the VPNs after rebooting? What sort of VPNs are they? Why do you not want the VPNs to connect?

Steve

davidstoll

@stephenw10 yes, I want to manually connect one one wan 1 and have the one on wan 2 auto connect on boot (for instance). It is NordVPN. They do tend to slow things down. The next step is to setup wireguard.

stephenw10

Hmm, no easy way to do that. You can set it to disabled but you would need to enable it again to use it and then disable it again before rebooting.

You might be able to prevent the client starting at boot but it would be started whenever the WAN address changed or any other config change was made that restarted services.

davidstoll

@stephenw10 if I attempt to disable it, I get this warning, which won't let me apply the change.

Cannot disable an OpenVPN instance while the interface is assigned. Remove the interface assignment first.

Gertjan

@davidstoll
That's you disabling the OpenVPN server ? or Client ? in the GUI.
You have to script this.

stephenw10

If the interface is assigned the gui prevents the instance being disabled, yes.

davidstoll

@Gertjan I'm disabling the client tunneling over the wan in the gui.

davidstoll

@stephenw10 Well, yes, but then to get it back going it's many steps. I'm looking for a manual way to do an on/off without it auto-running on boot, but it just doesn't look like it's possible...

stephenw10

Yup, there's no easy way to do it.

It would be easier to enable or disable a policy routing rule to move traffic to to the VPN instead. Though there is also no way to set that disabled at boot in the gui.