OpenVPN --management-query-remote for client using TCP


Post by chiragrr » Thu Feb 15, 2018 1:01 am

I have multiple servers (and URL endpoints). The servers are all running on port 443 and using TCP. Both my client and server are using version 2.3.x (2.3.18).

1) dev.mysite.com
2) qa.mysite.com
3) prod.mysite.com
4) cust1.mysite.com
5)........

I want to create a software package that uses the management interface + "--management-query-remote" directive on the client. Using this directive, my package will provide the remote IP based on the environment that this client needs to connect to. As the client may need to change the environment, this is not a one-time action and thus I cannot write a config file once.

Things I have tried:

1) Used --management-hold and --management-query-remote together. However, the client does not start (in TCP mode) unless you give some remote.
   ERROR - Options error: --nobind doesn't make sense unless used with --remote
2) I gave a dummy "remote site" and started the client. However, on trying to give the command "remote MOD <url> <port>" I get the error
   "ERROR: The remote command is not supported by the current daemon mode"

I am trying to understand two things:

1) Steps or examples if someone got it working
2) Is it supported?

Thanks for the help/inputs


Post by atfilipi » Thu Mar 15, 2018 6:50 pm

You need to mark the connections using the <connection>...</connection> tags and start openvpn with the "management-hold" option.

Note, if your only 'remote' commands are inside of <connection> tags, then the given hostname is not resolved via DNS until it is needed. This lets you put a bogus placeholder in the config.

I have the following in my config, and then rely upon my manager to reply with "remote MOD my.vpnserver.com 1234":

client
dev tun
proto tcp
nobind
<connection>
remote to-be-set-by-vpn-manager 9999
</connection>
management-hold
management-query-remote

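An added example (not part of either post, and not OpenVPN project code): a minimal manager for the exchange atfilipi describes, answering the `>HOLD:` and `>REMOTE:` prompts that `management-hold` and `management-query-remote` produce. The environment table, function names and the sample session are constructed for illustration; in real use `run_manager` would receive a socket connected to the address given to `--management`.

```python
import socket

# Assumed environment table: hostnames from the question, all on TCP 443.
ENDPOINTS = {
    "dev": ("dev.mysite.com", 443),
    "qa": ("qa.mysite.com", 443),
    "prod": ("prod.mysite.com", 443),
}

def reply_for(line, env):
    """Return the command answering one real-time message, or None."""
    line = line.strip()
    if line.startswith(">HOLD:"):
        # management-hold: OpenVPN waits here until the manager releases it.
        return "hold release"
    if line.startswith(">REMOTE:"):
        # management-query-remote: OpenVPN reports the placeholder as
        # host,port,proto and waits for remote ACCEPT, SKIP or MOD.
        if env not in ENDPOINTS:
            return "remote SKIP"  # unknown environment: never dial the placeholder
        # Host and port come only from the fixed table, so nothing
        # caller-supplied (spaces, newlines) reaches the command channel.
        host, port = ENDPOINTS[env]
        return f"remote MOD {host} {port}"
    return None  # >INFO:, >STATE:, SUCCESS: ... need no answer

def run_manager(sock, env):
    """Answer prompts on one management connection until OpenVPN closes it."""
    sent = []
    with sock, sock.makefile("r", encoding="ascii", errors="replace") as lines:
        for line in lines:
            cmd = reply_for(line, env)
            if cmd:
                sock.sendall((cmd + "\n").encode("ascii"))
                sent.append(cmd)
    return sent

def demo(env="prod"):
    """Replay a constructed management session over a local socket pair."""
    fake_openvpn, manager = socket.socketpair()
    fake_openvpn.sendall(b">HOLD:Waiting for hold release\r\n"
                         b">REMOTE:to-be-set-by-vpn-manager,9999,tcp-client\r\n")
    fake_openvpn.shutdown(socket.SHUT_WR)  # end of the constructed session
    sent = run_manager(manager, env)
    fake_openvpn.close()
    return sent

if __name__ == "__main__":
    print(demo())
```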