I am trying to set up OpenVPN using the certificates generated by my own PKI. I did the following:
- set up OpenVPN following the official docs to make sure it works using OPNsense's own root CA
- use my root CA to create an intermediate CA (on another host)
- use the intermediate CA to generate certificates (1 for server + 1 for client) for OpenVPN
- copy the certs to OPNsense and import them using https://github.com/pluspol-interactive/opnsense-import-certificate
- create a user in OPNsense
- link the client cert to the user
- OpenVPN > Client export to get the client files. But I get stuck here: the user I created doesn't show in the list to be exported.
Perhaps I don't need the client cert on OPNsense, however I wanted to export the client from OPNsense to ensure the config is correct.
What am I missing here? Any hint/tip would be much appreciated.

I think you don't have to link the client cert to the user.
You can specify it on the client configuration.
(I'm using OpenVPN with external auth too).
W