Netgate Discussion Forum

    Disabling single OpenVPN Server

    • M
      marlu
      last edited by

      The idea is to issue a command via SSH to enable the option "Disable this server" in the web-GUI. (Not the whole OpenVPN-Process but only a specific instance)

      My problem is that I can't find this option anywhere in the config (in the filesystem) or via the PHP-Shell/pfSense tools.
      I was expecting to just find it as an entry when looking up all configured servers via:

      print_r($config['openvpn']);
      exec;

      but the "Disable this server" option is just nowhere to be found in the output.
      The question is therefore: Where can I find this option, and is there a clean way to toggle it via SSH, or is there a way to do it even smoother?

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It's there.

        pfSense shell: var_dump($config['openvpn']['openvpn-server'][9]);
        pfSense shell: exec
        array(53) {
        [...]
          ["disable"]=>
          string(0) ""
        [...]
        
        pfSense shell: print_r($config['openvpn']['openvpn-server'][9]);
        pfSense shell: exec
        Array
        (
         [...]
            [disable] => 
         [...]
        

        There is no set way to disable a VPN from the shell. You can stop the service, but anything that would trigger a restart of services would make it start back up.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • M
          marlu
          last edited by marlu

          That is very strange. I would have assumed it to be as you describe. However, I can't find it (not even after toggling and saving that option).

          output from the commands..:

          array(56) {
          ["vpnid"]=>
          string(1) "1"
          ["mode"]=>
          string(15) "server_tls_user"
          ["authmode"]=>
          string(14) "Local Database"
          ["protocol"]=>
          string(3) "UDP"
          ["dev_mode"]=>
          string(3) "tun"
          ["interface"]=>
          string(3) "any"
          ["ipaddr"]=>
          string(0) ""
          ["local_port"]=>
          string(4) "1194"
          ["description"]=>
          string(10) "PrivateVPN"
          ["custom_options"]=>
          string(0) ""
          ["tls"]=>
          string(876) ""
          ["tls_type"]=>
          string(4) "auth"
          ["caref"]=>
          string(13) ""
          ["crlref"]=>
          string(0) ""
          ["certref"]=>
          string(13) ""
          ["dh_length"]=>
          string(4) "2048"
          ["ecdh_curve"]=>
          string(4) "none"
          ["cert_depth"]=>
          string(1) "1"
          ["strictusercn"]=>
          string(0) ""
          ["crypto"]=>
          string(11) "AES-128-GCM"
          ["digest"]=>
          string(6) "SHA256"
          ["engine"]=>
          string(4) "none"
          ["tunnel_network"]=>
          string(11) ""
          ["tunnel_networkv6"]=>
          string(0) ""
          ["remote_network"]=>
          string(0) ""
          ["remote_networkv6"]=>
          string(0) ""
          ["gwredir"]=>
          string(0) ""
          ["gwredir6"]=>
          string(0) ""
          ["local_network"]=>
          string(14) ""
          ["local_networkv6"]=>
          string(0) ""
          ["maxclients"]=>
          string(0) ""
          ["compression"]=>
          string(0) ""
          ["compression_push"]=>
          string(0) ""
          ["passtos"]=>
          string(0) ""
          ["client2client"]=>
          string(3) "yes"
          ["dynamic_ip"]=>
          string(3) "yes"
          ["topology"]=>
          string(6) "subnet"
          ["serverbridge_dhcp"]=>
          string(0) ""
          ["serverbridge_interface"]=>
          string(4) "none"
          ["serverbridge_routegateway"]=>
          string(0) ""
          ["serverbridge_dhcp_start"]=>
          string(0) ""
          ["serverbridge_dhcp_end"]=>
          string(0) ""
          ["dns_domain"]=>
          string(10) "example.org"
          ["dns_server1"]=>
          string(8) ""
          ["dns_server2"]=>
          string(11) ""
          ["dns_server3"]=>
          string(0) ""
          ["dns_server4"]=>
          string(0) ""
          ["sndrcvbuf"]=>
          string(0) ""
          ["push_register_dns"]=>
          string(3) "yes"
          ["netbios_enable"]=>
          string(0) ""
          ["netbios_ntype"]=>
          string(1) "0"
          ["netbios_scope"]=>
          string(0) ""
          ["create_gw"]=>
          string(4) "both"
          ["verbosity_level"]=>
          string(1) "1"
          ["ncp-ciphers"]=>
          string(11) "AES-128-GCM"
          ["ncp_enable"]=>
          string(7) "enabled"
          }

          This is all on 2.4.4-RELEASE-p3 (amd64)
          VPN config was done with fairly "standard" settings in the wizard.

          Edit: changed so spoiler actually works.

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The disable entry is only present when the entry is disabled. When it's enabled, it's not there. It doesn't get set to yes/no/etc. If it's there, the entry is considered disabled. If it's not there, it's enabled.

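The presence-as-flag behaviour described in the post above, as an added example that is not part of the thread and not pfSense code: it audits a config.xml backup for disabled OpenVPN servers and shows why testing the value of `disable` instead of its presence misreports a disabled server as enabled. The sample XML is constructed, and the function names `server_states` and `naive_server_states` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <openvpn> section of a pfSense
# config.xml backup (values are illustrative, not taken from the thread).
SAMPLE_CONFIG = """\
<pfsense>
  <openvpn>
    <openvpn-server>
      <vpnid>1</vpnid>
      <description>PrivateVPN</description>
      <local_port>1194</local_port>
    </openvpn-server>
    <openvpn-server>
      <vpnid>2</vpnid>
      <disable></disable>
      <description>SiteToSite</description>
      <local_port>1195</local_port>
    </openvpn-server>
  </openvpn>
</pfsense>
"""


def server_states(config_xml):
    """Return {vpnid: 'disabled' | 'enabled'} for every OpenVPN server."""
    root = ET.fromstring(config_xml)
    states = {}
    for server in root.findall("./openvpn/openvpn-server"):
        vpnid = server.findtext("vpnid", default="?")
        # Presence of <disable> is the flag; its text is empty either way.
        disabled = server.find("disable") is not None
        states[vpnid] = "disabled" if disabled else "enabled"
    return states


def naive_server_states(config_xml):
    """Buggy variant: tests the value, so an empty <disable> looks enabled."""
    root = ET.fromstring(config_xml)
    return {
        s.findtext("vpnid", default="?"):
            "disabled" if s.findtext("disable") else "enabled"
        for s in root.findall("./openvpn/openvpn-server")
    }


if __name__ == "__main__":
    for vpnid, state in server_states(SAMPLE_CONFIG).items():
        print(f"openvpn-server vpnid={vpnid}: {state}")
```

The same distinction applies in the PHP shell: the `disable` key holds an empty string when set, so a check has to test whether the key exists, not whether its value is non-empty.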
            • M
              marlu
              last edited by

              Okay, but the entry is never shown...which is why I couldn't find it with my diff on the output before/after disabling the VPN.

              I believe I have found the issue, why that "disable" would not show up in the config, even though the VPN was set to disabled. I had to restart the whole system (which isn't really an option) to get the config to show the entry.

              Do I somehow need to force an update? My way of doing it so far is:

              1. Log into web-GUI and change the status of the chosen VPN to disabled.
              2. Log into the ssh-php and issue the command and observe the output

              When does that config-file actually come into play?
              Only on restart? If yes, then a script accessing the web-GUI and activating the setting would be needed. I would love to not do it that way, as it is IMO a non-optimal way of doing things..

              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                If you change the status in the GUI and save, it would always be immediately reflected in config.xml.

                Unless your disk is doing something really funky with caching writes, it should be there as soon as the config is written.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.