pfSense Forum

pfSense English Support => General Questions => Topic started by: NVIT on December 07, 2017, 03:24:30 am

Title: SG-2440 reset, disk usage and OpenVPN users
Post by: NVIT on December 07, 2017, 03:24:30 am
I had to reset one of my SG-2440s (2.3.2-RELEASE-p1) and restore the last config backup.  Once it was booted again I noticed that disk usage of / was reporting as 103% of 3.5GiB.  This was mostly usage from ntopng's log files, which I've subsequently purged, and was probably the cause of the crash.  So a few questions:

Is the reset switch on the 2440 not actually a factory reset?  I know it wiped the configuration file, but it apparently leaves storage intact.  Is this intentional?

This leads me to my next query; between the last config backup and yesterday's reset I'd added several OpenVPN users.  These users, despite not appearing in the GUI nor having user names or certificates in /cf/conf/config.xml, are still able to connect to OpenVPN.  What am I missing?   Not that I want to re-issue credentials, but is there some additional configuration somewhere else that's allowing this?

Also, is there anyway to backup and restore the installed packages?

Cheers.
Title: Re: SG-2440 reset, disk usage and OpenVPN users
Post by: NVIT on February 09, 2018, 04:40:24 am
I've updated to 2.4.2 and I'm still having issues with removed users being able to connect to OpenVPN.  It's not just ones that weren't part of the backup as mentioned above, it's any removed user.  I'm removing their user account and their certificate.  But they're still able to connect.  The only way I've found to block them is to set up a Client Specific Override and use Block this connection based on its common name.  I should mention that OpenVPN is set up in Remote Access (SSL/TLS) mode.  Is this the expected behaviour?  If not, how do I fix it so that removing a user and certificate disables their ability to connect?

Cheers.
Title: Re: SG-2440 reset, disk usage and OpenVPN users
Post by: moikerz on February 09, 2018, 01:51:30 pm
Are your vpn users local users? Or are they AD/LDAP users (or groups)? Or are they RADIUS users?

Are you just using a single certificate between all users?
Title: Re: SG-2440 reset, disk usage and OpenVPN users
Post by: NVIT on February 12, 2018, 02:43:50 am
Local users with individual certificates.
Title: Re: SG-2440 reset, disk usage and OpenVPN users
Post by: moikerz on February 12, 2018, 04:23:55 pm
Odd. Perhaps now would be a good time for you to take a full backup, and reinstall from scratch, then restore from your backup. Cos something sounds a little messed up..!