Establish OpenVPN connection temporarily, then disconnect at a given time
-
Hello,
My goal is to automate an OpenVPN connection with something like cron on a specific day for a backup to take place, then disconnect at a given time. Both endpoints use pfSense 2.0.1.x.
I have cron in mind. What is the best way to use cron in pfSense? I haven't really found any documentation on it. It looks like cron exists at the command line, but there is also a package for the GUI it seems.
Any advice is welcome. Thank you.
-
You probably intend to write a shell script and run this from a cron job. So create the script, place it on pfSense, install the Cron GUI package and then just create the cron jobs.
PS: Why do you want to disconnect the OpenVPN connection? If you would just like to stop traffic between the two endpoints except at backup time, you could create a firewall rule and a scheduler which blocks traffic on OpenVPN.
-
> You probably intend to write a shell script and run this from a cron job. So create the script, place it on pfSense, install the Cron GUI package and then just create the cron jobs.
OK, this sounds like an option. So I will be creating the OpenVPN connection from the script?
> PS: Why do you want to disconnect the OpenVPN connection? If you would just like to stop traffic between the two endpoints except at backup time, you could create a firewall rule and a scheduler which blocks traffic on OpenVPN.
I really only need the connection to establish on one day of the week, Saturday. It is a good idea to just block the connection at the firewall and unblock as needed on a schedule. I will consider this too. I think the OpenVPN client connection re-establish is 1-2 minutes? I can't really control that if I just leave it attempting to connect all week, but 1-2 minutes isn't bad. Overall I am just trying to minimize traffic and be more exact. With cron I have the connection, and then it's gone.
-
On the client side of the site-to-site, I ended up using the pfsense GUI to create the client setup. It creates all of the conf files, and interfaces for me, and I leave the configuration disabled.
I added the "cron" package to the gui interface.
I set two cron tasks:
8 4 root /usr/local/sbin/openvpn --config /var/etc/openvpn/client12.conf (establish the connection Thurs at 8 am)
14 4 root pkill -9 -F /var/run/openvpn_client12.pid (kill the connection Thurs at 2:00 pm)
-
ooo, make sure you put "*" (asterisks) in fields that you aren't using w/ cron.
:)
-
Couldn't you just bring the openvpn interface up/down on a cron job using the ifconfig command?
-
Good question. I am not sure if the pid stays open while the interface is off. But I will test it.
-
If I turn the interface off via: ifconfig (vpn interface) down
the PID stays on. The service itself doesn't report any type of error in any of the logs that I can see… (system logs, status). So OpenVPN doesn't seem concerned about the interface status.
When I do: ifconfig (vpn interface) up
the connection is back up. This could work well also, it seems, but I can't really see a true status unless I do a ping test, or do an ifconfig to see the "UP" flag on the interface, or no "UP" flag.
I feel like it's a toss-up as far as purpose. Maybe one is cleaner than the other.
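An added example, not code from any post in the thread: a wrapper script for the two cron jobs described above, using the binary, config and pid file paths from the posts. It checks the pid file for a live process and sends SIGTERM before falling back to SIGKILL, so OpenVPN gets the chance to shut the tunnel down itself. The function names, STOP_WAIT and the script path in the cron comment are hypothetical, and it assumes the GUI-generated config contains "daemon" and "writepid" directives.

```shell
#!/bin/sh
# Added example: wrapper for the two cron jobs in the thread (paths from the posts).
# Assumption: the GUI-generated config has "daemon" and "writepid" directives,
# so openvpn backgrounds itself and writes PIDFILE.
# Cron use, Thursday 08:00 and 14:00 (script path is a placeholder):
#   0 8  * * 4 root /path/to/vpn_window.sh start
#   0 14 * * 4 root /path/to/vpn_window.sh stop
OPENVPN_BIN="${OPENVPN_BIN:-/usr/local/sbin/openvpn}"
CONF="${CONF:-/var/etc/openvpn/client12.conf}"
PIDFILE="${PIDFILE:-/var/run/openvpn_client12.pid}"
STOP_WAIT="${STOP_WAIT:-10}"    # seconds to wait for a clean exit

# Succeeds only if PIDFILE holds a numeric pid of a live process.
vpn_running() {
    [ -s "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

vpn_start() {
    if vpn_running; then
        echo "already running (pid $(cat "$PIDFILE"))"; return 0
    fi
    rm -f "$PIDFILE"            # stale file left by an unclean exit
    "$OPENVPN_BIN" --config "$CONF"
}

# SIGTERM first; SIGKILL only if the process is still alive after STOP_WAIT.
vpn_stop() {
    vpn_running || { rm -f "$PIDFILE"; return 0; }
    pid=$(cat "$PIDFILE")
    kill -TERM "$pid" 2>/dev/null
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt "$STOP_WAIT" ]; do
        sleep 1; i=$((i + 1))
    done
    if kill -0 "$pid" 2>/dev/null; then
        kill -KILL "$pid" 2>/dev/null
    fi
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start)  vpn_start ;;
    stop)   vpn_stop ;;
    status) vpn_running && echo up || echo down ;;
esac
```

Running the script with "status" from a later cron job or a monitoring check gives the process state directly, which the ifconfig up/down approach does not.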