Should be possible to configure OpenVPN settings for a running server


I want to deactivate “Redirect-Gateway def1” and add some routes via the “Advanced server options”, but this is only possible when then OpenVPN server is stopped, which is problematic as I am connected via OpenVPN…

Why isn’t it allowed to make configuration changes and then restart the OpenVPN server?

In the current situation, all admins will be working remotely the next days/weeks. I am lucky to already have configured an IPsec connection, but in case other people don’t have that, it will get unnecessary difficult to make OpenVPN changes…


Hi Lars,

I hear you!
What I did:

I’ve build a second OpenVPN behind the main one.
Then connected to this second one, and accessed IPFire in front, stopped its OpenVPN service, did the settings, and restarted it.

After some time was hard for me to keep 2nd machine just for that so I build at my home another IPfire and created an N2N tunnel with the one from office.
As long as N2N tunnel is up I can reach the Office machine and use SSH to stop OpenVPN process for road warrior, but leave alive the N2N process.
Then I manually edited with nano / vi the OpenVPN cfg files…or simply copy them from my home machine where I did the tests of the new config…

Second option has also another advantage: is the second (and slower) access to Office network - through the N2N… So I also have a backup…

It is not perfect, but at least saved me a couple of times.

Hope it helps!

openvpnctrl -h

Wrapper for OpenVPN ipfire-2.2.4
Valid options are:
-s --start
starts OpenVPN (implicitly creates chains and firewall rules)
-k --kill
kills/stops OpenVPN
-r --restart
restarts OpenVPN (implicitly creates chains and firewall rules)
-sn2n --start-net-2-net
starts all net2net connections
you may pass a connection name to the switch to only start a specific one
-kn2n --kill-net-2-net
kills all net2net connections
you may pass a connection name to the switch to only start a specific one


thanks for your reply, but that sounds awfully complicated or at least time-consuming.

I mean, what is the technical reason for not being allowed to change settings and then simply restarting then OpenVPN daemon?


Yes, OpenVPN cannot reload its settings. You will have to restart the whole service anyways to apply the changes.

This isn’t great in the UI and I would be in favour of allowing changes, but you would not get to keep connections alive.

Having to restart the connections wouldn’t be a problem compared to not being able to make changes at all.

Should I report this as a bug/feature request?

As a workaround, it should be possible to make changes to the files in “/var/ipfire/ovpn” and then restart the daemon, shouldn’t it?