Netgate Discussion Forum

    OpenVPN custom options - inline data support

    5 Posts 4 Posters 1.2k Views
    • duren

      Does pfSense support inline data inside custom options?

      i.e.

      <ca>my cert data</ca>

      <tls-auth>my tls data</tls-auth>

      etc?

      .. because when I save it gets mangled

      i.e. if I have a line like this before it..

      cipher AES-256-CBC

      it will end up saving like this:

      cipher AES-256-CBC<ca>…</ca>

      • heper

        Don't use < or > because that'll screw up the config XML format (it shouldn't even be allowed in that field).

        • Pippin

          because when I save it gets mangled

          Unix editor?


          • jimp Rebel Alliance Developer Netgate

            You can't use those inside of the fields in the pfSense GUI.

            Why do you need to? Just put the TLS key in the TLS key box in the GUI, import the CA and select it, and so on.


            • duren

              Well I have a more fundamental issue.. my provider has different TLS keys for every server and so I'm trying to figure out how to have multiple remote statements with different TLS keys.

              I found that as of a recent OpenVPN version, there's a notion of connection profiles, specified using <connection> tags in which you can have targeted parameters, but unfortunately they are specific ones, so I've opened a feature request with OpenVPN to allow the tls-auth and ideally cert directives to be included so you can have per-server settings.

              I need this to be able to have my client try different servers within the same country when one goes down.

              For my direct question, I've found a workaround where I can just specify an external OpenVPN config file with the inline configuration and it works.

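The workaround in the last post, sketched as an added example (not code from the thread or from pfSense): a helper that wraps a provider's static key in an inline `<tls-auth>` block inside an external file, so the custom options field only has to hold one plain line. It assumes the file is pulled in with OpenVPN's `config` directive, which the post does not spell out; the function names and any paths passed in are hypothetical.

```shell
#!/bin/sh
# Added example: keep "<" and ">" out of the GUI field by moving the inline
# block into an external include file. Names and paths are hypothetical.

# write_inline_conf DEST KEYFILE [DIRECTION]
# Wraps an OpenVPN static key file in an inline <tls-auth> block.
# DIRECTION defaults to 1 (the usual client side); use the provider's value.
write_inline_conf() {
    dest=$1 keyfile=$2 direction=${3:-1}

    # Refuse input that is not an OpenVPN static key.
    grep -q -e '-----BEGIN OpenVPN Static key V1-----' "$keyfile" || {
        echo "not an OpenVPN static key: $keyfile" >&2
        return 1
    }

    # The file holds key material: create it readable by its owner only.
    (
        umask 077
        {
            # Inline tls-auth takes no direction argument, so set it here.
            printf 'key-direction %s\n' "$direction"
            printf '<tls-auth>\n'
            cat "$keyfile"
            printf '</tls-auth>\n'
        } > "$dest"
    ) || return 1
    # Tighten the mode as well, in case DEST already existed.
    chmod 600 "$dest"
}

# custom_option_line DEST
# Prints the single line to paste into the custom options field.
custom_option_line() {
    printf 'config %s\n' "$1"
}
```

Run `write_inline_conf` with the destination path and the provider's key file, then paste the output of `custom_option_line` into the custom options field.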
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.