Write Protect /var/etc/openvpn/client1.conf
-
Hi
I need to write protect /var/etc/openvpn/client1.conf because otherwise pfSense overwrites it and my OpenVPN connection goes down.
I can only access the root folder when I SSH to my pfSense. Anyone know how to do this? At least have any tips? :)
-
Firstly, why do you need to protect this file?
It is written by pfSense from the settings you make in the webGUI.
What is the deficiency/problem in the webGUI that means you feel the need to edit this file directly and then protect it?
-
In order to get it to work with Ipredator I had to edit the file manually. And now I need to protect it from getting overwritten by the webGUI.
-
Can you tell us what exactly did not work with Ipredator, and what edits you needed to make it work?
Maybe we can help get that fixed. I see there have been a few other threads about Ipredator.
I suspect that whatever you do to change the protections on the file will be ineffective, because the pfSense code that re-generates it will be running with full root privileges…
If you really have to, you can edit the pfSense PHP code in /etc/inc that generates the config, to leave out or add in what you need. That would be a real one-off hard-coded hack to get it working, and of course would have to be re-done after each pfSense firmware upgrade.
-
This is what my client1.conf looks like after I've modified it:
client
dev ovpnc1
dev-type tun
proto udp
remote pw.openvpn.ipredator.se 1194
remote pw.openvpn.ipredator.me 1194
remote pw.openvpn.ipredator.es 1194
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
script-security 3
resolv-retry infinite
nobind
daemon
auth-user-pass /root/ipredator_password
auth-retry nointeract
ca /var/etc/openvpn/client1.ca
tls-client
tls-auth /var/etc/openvpn/client1.tls-auth
ns-cert-type server
keepalive 10 30
cipher AES-256-CBC
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix 1200
passtos
verb 3
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
management /var/etc/openvpn/client1.sock unix
Isn't there a way to protect a file so that not even root can edit it?
-
Can you tell us what exactly did not work with Ipredator, and what edits you needed to make it work?
Maybe we can help get that fixed. I see there have been a few other threads about Ipredator.
I suspect that whatever you do to change the protections on the file will be ineffective, because the pfSense code that re-generates it will be running with full root privileges…
If you really have to, you can edit the pfSense PHP code in /etc/inc that generates the config, to leave out or add in what you need. That would be a real one-off hard-coded hack to get it working, and of course would have to be re-done after each pfSense firmware upgrade.
See post above :)
-
Made a new thread regarding this issue in the OpenVPN forum.