FreePBX 13 OpenVPN Setup Wiki Bug & Comments

Hello,

I recently had reason to add OpenVPN to my FreePBX 13 setup, and found the instructions on the Wiki at http://wiki.freepbx.org/display/FPG/System+Admin+-+VPN+Server#SystemAdmin-VPNServer-DownloadingClientConfigs

I set up according to the Wiki, but in the UCP, I was unable to see the VPN Clients screen to download the configuration. After flying around the interface looking for what was missing, I stumbled across an undocumented setting.

In the “Downloading Client Configs” section, I needed to attach my VPN clients as shown in the wiki, but then I also had to go to the UCP tab and, under the System Admin tab, move Allow VPN from Inherit to Yes. I could then see the download link in the UCP.

Tony / Kate -> Please update the Wiki, or explain why my inherited preference did not work.


Second, I did successfully download and examine the OpenVPN configuration for my client. I love OpenVPN, and have used it to keep offices linked together for 10+ years, but I have found problems in the past with comp-lzo (enable compression) on the connections that dealt with voice traffic.

My firewalls at the offices tend to be older Pentium 4s that were Windoze XP machines now re-tasked as Linux firewalls.

Questions:

  1. Is there a way to not require comp-lzo, outside of hacking the .cfg files? I know the server and client sections need to match… how about editing the setups to do this?

  2. Experimenting with ciphers, I have found Camellia-128-cbc to be a great performance option. Any chance we would be able to choose a cipher as opposed to the default?

Thanks,

Christian

Christian,

Thank you for noting the unexpected behavior you encountered in UCP after you attached a VPN client to a user in the User Management module.

What you’ve experienced is not a bug, but rather a result of the fact that a Group does not have VPN access by default.

If you select “Inherit” for your user, and their group is set to “No,” then the user would inherit a setting of “No.” Therefore the user would not have VPN access.

Our wiki is constantly growing and changing as new features are added to our software. We do our best to keep up, but at times you may find the wiki to be incomplete. To address the first part of your post, I’ve edited the “System Admin - VPN Server” wiki to contain more detail about user level settings (Yes/No/Inherit) and group level settings (Yes/No). Hopefully this helps.

Hello Kate,

Thank you for both notes – one on the screen, and here in the Forum. I know you guys do a best effort, and that’s why I pointed it out gently as opposed to an irate mess. FreePBX is a complex environment, and while I have no idea of the code line count, my guess is millions of lines, and that’s a lot of sheep to keep organized.

Thank you for the enhancements, and as I notice things, I’ll continue to speak up.

Christian