OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: cbs1 on November 20, 2018, 08:59:05 am
-
Hello, we have got one problem:
Since about 1 month when we create a new OpenVPN CSO (client specific override) over the gui then nothing happens. After i research the problem i found out that on the file system (/var/etc/openvpn-csc/1) the entry doesn't will be write as a file. Therefore i change some of the existing entrys and even these entrys doesn't change on the filesystem. Is this a known bug or a configuration problem?
Version 18.7.7 in a VM
Thanks a lot.
Sascha
-
It gets created when logging in. Can you verify this?
-
Thanks for the fast reply, no the client get a ip address from the pool like there is no cso. But the old created cso works fine.
Greetings
Sascha
-
And the CSO is chained to the correct server instance?
-
Yes - if I manually write a "cso" file to the correct folder for the instance, it works (but i dont see it in gui - was only for testing) - but even if remove an existing entry in the gui, the CSO file is not deleted and the client still gets the old cso.
-
Maybe try to flag the server option 'Force CSO Login Matching'
That use the login name instead the certificate CN to manage the CSO
--
Fabio
-
Thanks, i knew this option but we authorize by certificate CN not by login name
-
And you are using Remote Access at the server type?
You are sure your users are correctly logged out and try again?
-
Yes we use remote access, the problem exists also when the whole opnsense is restarted.
The problem started about 1 - 2 month ago, before it worked with the same settings also when added new cso rules over 2 years. I think the problem has started after an update/upgrade but i'm not sure.
Thanks a lot
Sascha
-
Yep, the whole logic was reworked. Do you have some logs for me?