OpenVPN custom options - inline data support

duren · Aug 6, 2016, 6:50 PM

Does pfSense support inline data inside custom options?

ie

<tls-auth>my tls data</tls-auth>

etc?

.. because when I save it gets mangled

ie if I have a line like this before it..

cipher AES-256-CBC

it will end up saving like this:

cipher AES-256-CBC<ca>…</ca>

heper · Aug 6, 2016, 11:07 PM

dont use < or > because that'll screw up the config XML format (it shouldn't even be allowed in that field)

Pippin · Aug 7, 2016, 11:10 AM

because when I save it gets mangled

Unix editor?

jimp · Aug 8, 2016, 5:53 PM

You can't use those inside of the fields in the pfSense GUI.

Why do you need to? Just put the TLS key in the TLS key box in the GUI, import the CA and select it, and so on.

duren · Aug 16, 2016, 1:54 AM

Well I have a more fundamental issue.. my provider has different TLS keys for every server and so I'm trying to figure out how to have multiple remote statements with different TLS keys.

I found that as of a recent OpenVPN version, there's a notion of connection profiles, specified using <connection>tags in which you can have targeted parameters, but unfortunately they are specific ones, so I've opened a feature request with OpenVPN to allow the tls-auth and ideally cert directives to be included so you can have per-server settings.

I need this to be able to have my client try different servers within the same country when one goes down.

For my direct question, I've found a workaround where I can just specify an external openvpn config file with the inline configuration and it works.</connection>