OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: inc10521 on August 25, 2017, 11:28:46 am
-
Hello,
I have used this functionality with version 16.x and that worked fine.
Now i have a new setup with latest version (17.7), created an open vpn server with the wizzard / intern CA etc.
When i create a new user and assign a newly created internal certificate, the user does not show up on the export page.
Also assigning a newly created certificate to an existing user same result.
The export user settings list stays empty...
Am i doing something wrong? Is there new functionality or checkbox i overlooked?
Kind regards and happy with all the help i can get :-)
Marcel
-
Hi Marcel,
It's a setting that's missing for sure.
Did you select "Remote Access" mode in the OpenVPN server settings?
Cheers,
Franco
-
I have double checked the settings...
Like the attached snippings ;-)
-
It says "------- CA" and "OpenVPN Server CA", not sure if the same?
-
I think i have an idea why this is not working :-)
In pf i had an internal CA server/service.
I assumed when going thru the wizzard i had created an CA.
And when i made User Certs i was assuming they where created from a Request of the internal CA.
I can't find an internal CA (Cert Service) as i used to have in pf :-)
Could that be the reason why?
I have to find a "How to OpenVPN with OPNSense" i think ...
-
The CA in the server must match the CA issuing the client cert, otherwise the exporter won't show the users because they have no matching certs.
I think the process is the same for both senses, with the exporter's user export being particularly picky about the preconditions. :)
Cheers,
Franco
-
Thanks Franco!
I noticed a second CA which i was not aware of.
How can i give you kudo's? ;-)
Kind regards,
Marcel
-
Hi Marcel,
Help someone else some day when you can, that's all. :)
Marking this solved.
Cheers,
Franco