
Topic: SG-2440 reset, disk usage and OpenVPN users

NVIT
SG-2440 reset, disk usage and OpenVPN users
« on: December 07, 2017, 03:24:30 am »
I had to reset one of my SG-2440s (2.3.2-RELEASE-p1) and restore the last config backup.  Once it was booted again I noticed that disk usage of / was reporting as 103% of 3.5GiB.  This was mostly usage from ntopng's log files, which I've subsequently purged, and was probably the cause of the crash.  So a few questions:

Is the reset switch on the 2440 not actually a factory reset?  I know it wiped the configuration file, but it apparently leaves storage intact.  Is this intentional?

This leads me to my next query; between the last config backup and yesterday's reset I'd added several OpenVPN users.  These users, despite not appearing in the GUI nor having user names or certificates in /cf/conf/config.xml, are still able to connect to OpenVPN.  What am I missing?   Not that I want to re-issue credentials, but is there some additional configuration somewhere else that's allowing this?

Also, is there any way to back up and restore the installed packages?

Cheers.

NVIT
Re: SG-2440 reset, disk usage and OpenVPN users
« Reply #1 on: February 09, 2018, 04:40:24 am »
I've updated to 2.4.2 and I'm still having issues with removed users being able to connect to OpenVPN.  It's not just ones that weren't part of the backup as mentioned above, it's any removed user.  I'm removing their user account and their certificate.  But they're still able to connect.  The only way I've found to block them is to set up a Client Specific Override and use Block this connection based on its common name.  I should mention that OpenVPN is set up in Remote Access (SSL/TLS) mode.  Is this the expected behaviour?  If not, how do I fix it so that removing a user and certificate disables their ability to connect?

Cheers.

moikerz
Re: SG-2440 reset, disk usage and OpenVPN users
« Reply #2 on: February 09, 2018, 01:51:30 pm »
Are your VPN users local users? Or are they AD/LDAP users (or groups)? Or are they RADIUS users?

Are you just using a single certificate between all users?

NVIT
Re: SG-2440 reset, disk usage and OpenVPN users
« Reply #3 on: February 12, 2018, 02:43:50 am »
Local users with individual certificates.

moikerz
Re: SG-2440 reset, disk usage and OpenVPN users
« Reply #4 on: February 12, 2018, 04:23:55 pm »
Odd. Perhaps now would be a good time for you to take a full backup, and reinstall from scratch, then restore from your backup. Cos something sounds a little messed up..!