For openvpn with intances, client overwrite is not attracted. In the log I can see that the name is correct on the connection, but the client does not get the correct IP. I have already adjusted the overwrites and would expect the client to get the IP from the "IPv4 Tunnel Network" field.
With the revocation-list the blocking works immediately if I enter the above mentioned commonname. Then the client can't connect anymore.
Thanks a lot.
I have found a solution.
In the overwrite, under Servers, you must not select the intance for which the overwrite should apply.
It works if you select the "/" instead.
"/"
That's an empty description with an empty port? oO
Cheers,
Franco
After installing a fresh OPNSense on a another allpiance I did following:
- created openvpn-instance
- created overwrite rule and select the created server-instance (no slash was in the list)
- the result was overwriting did not work
- then I created a server and delete it immedeately
- now the was a slash in the server-list of the overwrite rule. I selected the slash and the overwrite works.
Thanks a lot.
Ok that's pretty weird. I assume the selection is empty (you don't have to select something to match).
Another mismatch here with CSO will be fixed in 23.7.3 this week.
Cheers,
Franco
Thank you for the update.
Now I can leave the server entry in the overwrite rule blank and it works.
Unfortunately, the overwrite rule does not work if the server field contains
the instance for which this rule is actually created.
Thanks a lot !