OPNsense Forum

English Forums => Virtual private networks => Topic started by: Patrick M. Hausen on August 16, 2024, 11:09:17 AM

Title: OpenVPN Connection Status - how to show authenticated user instead of cert CN?
Post by: Patrick M. Hausen on August 16, 2024, 11:09:17 AM
Hi all,

we run OpenVPN for remote access and I am in the process of migrating from a dedicated VPN gateway running pfSense to our office firewall HA pair running OPNsense 24.7.1.

Technical issues are almost completely ironed out - things seem to work quite well.

I have one issue with the Connection Status display, though.

We use identical certificates for all users that we include in the single .ovpn configuration file everybody uses. Users are then authenticated with username and password against our Active Directory over LDAPS.

In the old pfSense system the OpenVPN status display lists the logged-in users. In OPNsense it lists the CN from the client cert - which is obviously useless in our case. See screenshots, please.

Is this intentional? Would it work differently if I use the legacy setup instead of "Instances"? I can try and code something like

- is there a defined user name for the client connection?
- if yes, display this instead of the CN

and file a pull request. I just want to check the intention with the new "Instances" implementation, first. No idea how much effort this is going to take. Possibly make it a checkbox? "Display user name instead of CN"?
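
The fallback logic proposed in the post above, sketched as an added example; it is not part of the original post and not OPNsense code. It assumes the OpenVPN `status 2` text format, in which the `HEADER,CLIENT_LIST` row names the columns and a session without an authenticated user reports `UNDEF` as its username. The sample data, the function names and the `prefer_username` switch (standing in for the suggested checkbox) are hypothetical.

```python
import csv
import io

# Constructed sample of "status 2" output: one shared client cert, made-up users,
# documentation IP ranges. The third session has no authenticated username.
SAMPLE_STATUS = """\
TITLE,OpenVPN 2.6 (constructed sample)
TIME,2024-08-16 11:00:00,1723798800
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID,Data Channel Cipher
CLIENT_LIST,shared-client,203.0.113.5:51234,10.8.0.2,,1200,3400,2024-08-16 10:00:00,1723795200,alice,0,0,AES-256-GCM
CLIENT_LIST,shared-client,198.51.100.7:40022,10.8.0.3,,800,900,2024-08-16 10:30:00,1723797000,bob,1,1,AES-256-GCM
CLIENT_LIST,shared-client,192.0.2.9:40100,10.8.0.4,,10,20,2024-08-16 10:59:00,1723798740,UNDEF,2,2,AES-256-GCM
END
"""

def parse_clients(status_text):
    """Return one dict per CLIENT_LIST row, keyed by the names in the HEADER row."""
    columns, clients = None, []
    for row in csv.reader(io.StringIO(status_text)):
        if len(row) < 2:
            continue  # e.g. the END marker
        if row[0] == "HEADER" and row[1] == "CLIENT_LIST":
            columns = row[2:]
        elif row[0] == "CLIENT_LIST" and columns:
            clients.append(dict(zip(columns, row[1:])))
    return clients

def display_name(client, prefer_username=True):
    """Authenticated username if there is one, otherwise the certificate CN."""
    user = client.get("Username", "")
    if prefer_username and user and user != "UNDEF":
        return user
    return client.get("Common Name", "")

def ambiguous_names(clients, prefer_username=True):
    """Display names shared by several sessions, i.e. rows that cannot be attributed."""
    seen = {}
    for c in clients:
        seen.setdefault(display_name(c, prefer_username), []).append(c["Real Address"])
    return {name: addrs for name, addrs in seen.items() if len(addrs) > 1}

if __name__ == "__main__":
    for c in parse_clients(SAMPLE_STATUS):
        print(f'{display_name(c):15} {c["Real Address"]:22} {c["Virtual Address"]}')
```

With a shared certificate, `ambiguous_names(clients, prefer_username=False)` groups every session under the one CN, which is why a CN-only status view cannot attribute a connection to a person.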