Hello, we have got one problem:
Since about 1 month when we create a new OpenVPN CSO (client specific override) over the gui then nothing happens. After i research the problem i found out that on the file system (/var/etc/openvpn-csc/1) the entry doesn't will be write as a file. Therefore i change some of the existing entrys and even these entrys doesn't change on the filesystem. Is this a known bug or a configuration problem?
Version 18.7.7 in a VM
Thanks a lot.
Sascha
It gets created when logging in. Can you verify this?
Thanks for the fast reply, no the client get a ip address from the pool like there is no cso. But the old created cso works fine.
Greetings
Sascha
And the CSO is chained to the correct server instance?
Yes - if I manually write a "cso" file to the correct folder for the instance, it works (but i dont see it in gui - was only for testing) - but even if remove an existing entry in the gui, the CSO file is not deleted and the client still gets the old cso.
Maybe try to flag the server option 'Force CSO Login Matching'
That use the login name instead the certificate CN to manage the CSO
--
Fabio
Thanks, i knew this option but we authorize by certificate CN not by login name
And you are using Remote Access at the server type?
You are sure your users are correctly logged out and try again?
Yes we use remote access, the problem exists also when the whole opnsense is restarted.
The problem started about 1 - 2 month ago, before it worked with the same settings also when added new cso rules over 2 years. I think the problem has started after an update/upgrade but i'm not sure.
Thanks a lot
Sascha
Yep, the whole logic was reworked. Do you have some logs for me?