Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does pfSense use OpenVPN Management Interface?

    Development
    2
    3
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • pandafyP
      pandafy
      last edited by

      Hello! I am trying to find reason why it is not possible to override management interface configuration for OpenVPN in pfSense.

      Also, I would like to know how can I check runtime configuration of OpenVPN on pfSense.

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @pandafy
        last edited by

        @pandafy

        pfSense uses the "FreeBSD" OpenVPN from here : https://openvpn.net/community-downloads/ so it's a vey close to vanilla OpenVPN setup.
        What pfSense changes, it that you don't have to create a config file from scratch, the GUI will take care of that.

        Better yet : if you check that openvpn config file ( its here : /var/etc/openvpn/server1/config.ovpn ) you see that, among the entries that you entered in the GUI, there are other settings that pfSense (the GUI) adds '"behind the screens". Among them is : the access to the management interface.

        As you already found out in the ppost you linked, as management socket already exists.

        Because ..... that is the way how the Dashboard Server VPN widget 'scans' the OpenVPON server so it can update the dashboard info about a current connections.

        So, the answer to :

        Does pfSense use OpenVPN Management Interface?

        is : yes.

        Using the socket that is la ready there, you could also use this access to get information from the running OpenVPN process.
        A while back, there were many forum posts in the pfSense OpenVPN section about how to get more info about clients connecting.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        pandafyP 1 Reply Last reply Reply Quote 1
        • pandafyP
          pandafy @Gertjan
          last edited by

          Hello @gertjan!

          Thank you very much for clearing out my doubts.
          This was troubling me for quite a while that why there's a restriction in changing management interface.

          Even after adding management 127.0.0.1 7505 directive using Custom Options, the OpenVPN instance on pfSense always used a UNIX socket. (It opens a UNIX socket with IP address as name)

          Because ..... that is the way how the Dashboard Server VPN widget 'scans' the OpenVPN server so it can update the dashboard info about a current connections.

          This is the crucial information I was missing. I will check the documentation again to confirm if it is already mentioned there. If not, I will open an issue/pull request to add this.

          But now, I want to take a dive into the implementation of the "scan client" feature and would like to investigate why usage of TCP ports has been ruled out completely.

          It will be really helpful if you can provide links to related code or documentation which can give me a starting point.

          Again, thanks a lot. :)

          1 Reply Last reply Reply Quote 0
          • First post
            Last post