Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    OpenVPN - make Client Specific Overrides persistent after reboot

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 76 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      eegclbugs
      last edited by eegclbugs

      Hello,

      we want to generate OpenVPN Client Specific Overrides with a script and not with the GUI for each user individually. Therefore we created files like:
      /var/etc/openvpn/serverX/csc/unsername

      To make them persistent, so that they are not deleted after reboot, we used:
      chflags schg /var/etc/openvpn/serverX/csc/*

      But this caused the pfSense to stop booting and complaining that the folder and files in
      /var/etc/openvpn/
      could not be deleted.

      Is there a way to create OpenVPN Client Specific Overrides with a script and make them persistent after reboot?

      we use currently 25.11.1

      Greetings, Nina Kuckländer

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @eegclbugs
        last edited by Gertjan

        @eegclbugs said in OpenVPN - make Client Specific Overrides persistent after reboot:

        with a script and not with the GUI for each user individually.

        You're already close to the answer ^^

        If you found this :

        99d2d10a-8edf-4b54-9294-543f6218e683-image.png

        you actually use this :

        b52bf3f7-9b15-456a-b197-75f3670153cd-image.png

        That file can be found here : /usr/local/www/vpn_openvpn_csc.php

        Read that file (it's a script, world's most known : php)
        The bottom part is what your browser shows you.
        The top part is where the user's input (the pfSense admin), is validated, stored in the "one and unique pfSense config file" and you also find where the scs file are created etc.
        So ... if your script can use this script as a source, model (etc) you'll have the best of both worlds :
        Your script adds/edit/whateber the scs file.
        The - your - info is stored into the "one and unique pfSense config file" so when pfSense restarts, everything is setup according to its "one and unique pfSense config file" info.
        And you can still use the GUI to look/edit/delete things.

        Btw : this is a 'how I would do it solution'.
        Commanding pfSense from the command line without doing it the 'pfSense' way is generally a bad idea.

        No "help me" PM's please. Use the forum, the community will thank you.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.