Score:0

How to run a script in an OpenVPN server hosted in pfSense when a client connects?


I've got a pfSense 2.6 instance which hosts OpenVPN for clients. I'm testing with client version OpenVPN Connect 3.3.7 (2979).

There are some web endpoints with dynamic IP addresses, so I can't push the routes easily via Custom options. I also don't want to redirect all the traffic via the VPN either.

I found out about allow-pull-fqdn, but that's not supported by OpenVPN Connect versions 3.x, source: https://github.com/OpenVPN/openvpn3/issues/195

I'm now searching for how to create a script to resolve a DNS record and push the IP into the client configuration.

The first option would be the best if the OpenVPN server would resolve the DNS record and push the route via script or some other means, because then I would not need to care about scripts on the clients.

Is there a way to do it like this?

The second option is to run a script on the clients. The client OSes can be Windows, Macs and Linux, so there's a need to maintain different scripts.

I've been looking into the client-connect option, but I can't seem to get it to work at all. I wrote a batch file vpn_push_routes.bat:

echo 'test' > C:\Users\user\Documents\test.txt

I've added these lines into the client config file:

script-security 3
client-connect C:\\Users\\user\\Documents\\vpn_push_routes.bat

OpenVPN Connect shows in the log that the lines are listed as UNUSED OPTIONS:

[Mar 8, 2023, 18:27:20] UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
3 [data-ciphers] [AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC]
4 [data-ciphers-fallback] [AES-256-CBC]
6 [tls-client]
8 [resolv-retry] [infinite]
10 [nobind]
14 [auth-nocache]
20 [script-security] [3]
21 [client-connect] [C:\Users\user\Documents\vpn_push_routes.bat]

I'd also be okay with the second option. Could somebody help?

Score:0

Seems that the issue with the 2nd option was that the client being used was OpenVPN Connect 3.3.7. Documentation seems to be sparse on how to use it with extra options.

With client version OpenVPN Community 2.6.1 the script works by adding the below lines into the client config file. Here's the reference manual for version 2.6.

script-security 2
up 'C:\\Users\\user\\Documents\\vpn_push_routes.bat'
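
For the first option in the question (the server resolves the names and pushes the routes), OpenVPN's server-side `client-connect` hook can write `push` directives into the temporary file it passes to the script. The script below is an added example, not code from this thread or from pfSense or OpenVPN. Its assumptions: the hostnames are placeholders, `getent` is available on the server, and the server config references the script with `client-connect` (no extra arguments) and `script-security 2`.

```shell
#!/bin/sh
# Added example: server-side client-connect hook, not from the original thread.

# Hostnames whose addresses should be routed through the VPN (placeholders).
ROUTE_HOSTS="app.example.com api.example.com"

# Resolve a name to addresses, one per line. Assumes getent exists on the
# server; replace with the resolver tool that is actually installed.
resolve_ipv4() {
    getent hosts "$1" | awk '{ print $1 }'
}

# Accept only a strict dotted quad (no leading zeros, octets 0..255) so that
# nothing a DNS answer contains can inject text into the pushed config.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i > 255) exit 1 }'
}

# Append one host route per validated address to the file given as $1.
emit_push_routes() {
    out=$1
    for host in $ROUTE_HOSTS; do
        resolve_ipv4 "$host" | while read -r ip; do
            if is_ipv4 "$ip"; then
                printf 'push "route %s 255.255.255.255"\n' "$ip" >> "$out"
            fi
        done
    done
    # Always succeed: a non-zero exit would make OpenVPN reject the client.
    return 0
}

# OpenVPN sets script_type and passes a temp file as the last argument;
# with no extra arguments configured, that is $1.
if [ "${script_type:-}" = "client-connect" ] && [ -n "${1:-}" ]; then
    emit_push_routes "$1"
fi
```

The routes reflect the DNS answers at connect time only, so a client has to reconnect to pick up a changed record.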