OPNsense Forum

English Forums => Virtual private networks => Topic started by: bdario on March 18, 2022, 09:29:52 am

Title: OpenVPN client remotely download
Post by: bdario on March 18, 2022, 09:29:52 am
Hello folks,
Opnsense 21.7.8
Is there a way to remotely download the VPN client configuration?
Currently I have to connect to the firewall as root, go to VPN - OpenVPN - Client Export and choose the certificate to download in Archive format then pass the file to the user to insert it in the OpenVPN client.
I wish customers could download the certificate by connecting remotely to the firewall (Palo Alto Global Protect style).
Thanks for your help
Best regards
Dario
Title: Re: OpenVPN client remotely download
Post by: adn77 on March 18, 2022, 09:58:53 am
You could create a group and assign GUI privileges to members of that group.

Beware, that exposes all VPN configs!!!

I would welcome improvements about attaching ACLs to specific configurations :)
Title: Re: OpenVPN client remotely download
Post by: bdario on March 18, 2022, 10:18:01 am
Thank you adn77, but this is not what I'm looking for.
I need to connect from remote with my credentials (stored in the firewall) and download only my certificate, like WatchGuard and Palo Alto do.
Best regards.
Dario
Title: Re: OpenVPN client remotely download
Post by: adn77 on March 20, 2022, 10:31:17 pm
I have my users logon with their login credentials to the firewall.
Access rights granted are the change password screen (where they can set up OTP) and the VPN config screen, as I showed in the attached image.

As I said, currently this exposes all VPN configs and only works in the totally insecure way if there's a single VPN config for everybody.

IMHO it should be doable to attach a GUI-ACL to each VPN config export. That way a user would only see the config which contains his certificate. If somebody could point me at where and how to implement, I'd be more than willing to :)
Title: Re: OpenVPN client remotely download
Post by: bdario on March 21, 2022, 08:04:40 am
Hello adn77, nice to read from you.
What you suggest to me is a solution that I had already identified, but it is not applicable because each user can download all the certificates.
I am looking for a solution that enables each user to download only the certificate linked to their username, but apparently this is not possible.
Thanks for your kind cooperation.
Best regards.
Dario.