OPNsense Forum

English Forums => Virtual private networks => Topic started by: mgiammarco on November 30, 2022, 05:51:44 pm

Title: CSO Ignored in openvpn (again?)
Post by: mgiammarco on November 30, 2022, 05:51:44 pm

Hi,
I have an opnsense (latest version), with three openvpn servers on it.
All servers are working and I can ping opnsense and all clients.
On second and third openvpn I have configured several CSO with additional routes.
In the second vpn the CSO are working perfectly and, infact, I see in the folder /var/etc/openvpn-csc/2 I see all cso currently active.
The folder /var/etc/openvpn-csc/3 is always empty and if I try to write manually a cso it is deleted after vpn restart.
I have borrowed configuration of openvpn n3 from openvpn n2 so I do not understand why CSO works only for openvpn n2.
Can you help me?
Thanks,
Mario

Title: Re: CSO Ignored in openvpn (again?)
Post by: mgiammarco on December 05, 2022, 05:46:35 pm

Can someone help me in debugging?
Is there some option in the config file that may block CSO usage?
Thanks,
Mario

Title: [solved] Re: CSO Ignored in openvpn (again?)
Post by: mgiammarco on December 05, 2022, 06:34:17 pm

I reply to myself: if you have more than one openvpn server AND you want to use CSO you must use a different CA in each server.
I do not remember to have read this thing in any documentation.