Can't get openvpn to start and stop via cron



  • Hey guys,

    I'm trying to shutdown and start openvpn via the cron package. The vpn doesn't have to run over night when nobody is using the internet.

    The entries are:

    0 23 * * * root /usr/local/sbin/pfSsh.php playback svc stop openvpn client 1
    0 7 * * * root /usr/local/sbin/pfSsh.php playback svc start openvpn client 1

    But when I get up before 7 the vpn connection is still active.


  • Rebel Alliance Developer Netgate

    Check your logs, anything that causes OpenVPN to refresh would restart it. It isn't meant to be stopped manually in that way, so any event that triggers a reload of the server (like a gateway going down) would restart it.

    You'd need some other script to actually mark the tunnel disabled before calling the stop, and then marking it enabled again before calling the start.



  • Turns out that's the problem. The cron successfully shuts down openvpn at 23:00, but the daily 24h reconnect of the wan at 03:00 causes it to come up again.
    Any idea how I can prevent that from happening?



  • You'd need some other script to actually mark the tunnel disabled before calling the stop, and then marking it enabled again before calling the start.

    probably easiest using the developers shell. record a new macro to disable/enable the vpn & then use cron to call that macro

    some clues:
    config snippet when disabled:

    
     <openvpn-server><vpnid>2</vpnid>
                <disable><mode>server_tls_user</mode>
                <authmode>Local Database</authmode>
                <protocol>UDP</protocol>
                <dev_mode>tun</dev_mode></disable></openvpn-server> 
    

    config snippet when enabled:

     <openvpn-server><vpnid>2</vpnid>
                <mode>server_tls_user</mode>
                <authmode>Local Database</authmode>
                <protocol>UDP</protocol>
                <dev_mode>tun</dev_mode></openvpn-server>
    

    so basically you going to need to set/unset the <disable>tag in the xml with something like:

    
    unset($vpnconfig[disable]) ;
    
    

    or

    
    $vpnconfig[disable] = true; 
    
    

    don't copy past above, it needs some work to … uhm work  ;)

    https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell
    checkbox: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vpn_openvpn_server.php#L628-L633
    disabling: https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/vpn_openvpn_server.php#L470-L472</disable>


Log in to reply