Netgate Discussion Forum

    Can't get openvpn to start and stop via cron

    • mrgoodkat

      Hey guys,

      I'm trying to shut down and start openvpn via the cron package. The vpn doesn't have to run overnight when nobody is using the internet.

      The entries are:

      0 23 * * * root /usr/local/sbin/pfSsh.php playback svc stop openvpn client 1
      0 7 * * * root /usr/local/sbin/pfSsh.php playback svc start openvpn client 1

      But when I get up before 7 the vpn connection is still active.

      SG-2220

      • jimp Rebel Alliance Developer Netgate

        Check your logs, anything that causes OpenVPN to refresh would restart it. It isn't meant to be stopped manually in that way, so any event that triggers a reload of the server (like a gateway going down) would restart it.

        You'd need some other script to actually mark the tunnel disabled before calling the stop, and then marking it enabled again before calling the start.

        • mrgoodkat

          Turns out that's the problem. The cron successfully shuts down openvpn at 23:00, but the daily 24h reconnect of the wan at 03:00 causes it to come up again.
          Any idea how I can prevent that from happening?

          SG-2220

          • heper

            You'd need some other script to actually mark the tunnel disabled before calling the stop, and then marking it enabled again before calling the start.

            probably easiest using the developers shell. record a new macro to disable/enable the vpn & then use cron to call that macro

            some clues:
            config snippet when disabled:

            
            <openvpn-server>
                <vpnid>2</vpnid>
                <disable></disable>
                <mode>server_tls_user</mode>
                <authmode>Local Database</authmode>
                <protocol>UDP</protocol>
                <dev_mode>tun</dev_mode>
            </openvpn-server>
            

            config snippet when enabled:

            <openvpn-server>
                <vpnid>2</vpnid>
                <mode>server_tls_user</mode>
                <authmode>Local Database</authmode>
                <protocol>UDP</protocol>
                <dev_mode>tun</dev_mode>
            </openvpn-server>
            

            so basically you're going to need to set/unset the <disable> tag in the xml with something like:

            
            unset($vpnconfig['disable']);

            or

            $vpnconfig['disable'] = true;
            
            

            don't copy paste above, it needs some work to … uhm work  ;)

            https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell
            checkbox: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vpn_openvpn_server.php#L628-L633
            disabling: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vpn_openvpn_server.php#L470-L472

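One way to script the step jimp and heper describe (mark the tunnel disabled before stopping it, enabled again before starting it), as an added example that is not part of the thread or pfSense's own code. `vpn_toggle.php` and `set_vpn_disabled()` are hypothetical names; `write_config()` and `openvpn_resync()` are pfSense functions from `config.inc` and `openvpn.inc`, and the script assumes the installed release still exposes the global `$config` array.

```php
<?php
// Added example, not from the thread or the pfSense project.
// Assumptions: run as root on the firewall; config.inc and openvpn.inc are on the
// include path; the installed release still exposes the global $config array.
// Usage (hypothetical file name): php vpn_toggle.php disable client 1
require_once("config.inc");
require_once("openvpn.inc");

// Set or clear the <disable> flag on the entry with the given vpnid.
// Returns the updated entry, or null when no entry matches.
function set_vpn_disabled(array &$entries, string $vpnid, bool $disabled): ?array
{
    foreach ($entries as &$entry) {
        if ((string)($entry['vpnid'] ?? '') !== $vpnid) {
            continue;
        }
        if ($disabled) {
            $entry['disable'] = true;   // stored as an empty <disable> element
        } else {
            unset($entry['disable']);
        }
        return $entry;
    }
    return null;
}

$action = $argv[1] ?? '';
$mode = $argv[2] ?? '';
$vpnid = $argv[3] ?? '';
if (!in_array($action, ['enable', 'disable'], true) ||
    !in_array($mode, ['client', 'server'], true) || !ctype_digit($vpnid)) {
    fwrite(STDERR, "usage: vpn_toggle.php enable|disable client|server <vpnid>\n");
    exit(2);
}

global $config;
$section = "openvpn-{$mode}";
if (!is_array($config['openvpn'][$section] ?? null)) {
    fwrite(STDERR, "no {$section} entries in config\n");
    exit(1);
}
$settings = set_vpn_disabled($config['openvpn'][$section], $vpnid, $action === 'disable');
if ($settings === null) {
    fwrite(STDERR, "no {$section} entry with vpnid {$vpnid}\n");
    exit(1);
}
// Persist first so later reload events see the flag, then apply it.
write_config("cron: {$action} OpenVPN {$mode} {$vpnid}");
openvpn_resync($mode, $settings);
```

The two cron entries from the first post would then call this script with `disable client 1` at 23:00 and `enable client 1` at 07:00 instead of `svc stop` and `svc start`.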