Messages

1

16.7 Legacy Series / Re: Newbie VPN troubles

« on: November 04, 2016, 02:36:49 am »

The first time I set up the VPN I was able to authenticate but not pass traffic. At the moment I can't even generate a client config because no users are listed in the "export client config" page.

2

16.7 Legacy Series / Newbie VPN troubles

« on: November 03, 2016, 06:40:10 pm »

Hi all, this is my first time working with OPNsense. I'm running OPNsense 16.7.7-amd64 and so far my experience has been very positive. Nice work team!

I am running into some trouble with OpenVPN server configuration. I've been using the VPN how-to document as a guide (https://docs.opnsense.org/manual/how-tos/sslvpn_client.html). I am setting it up for certificate + user name/pwd authentication (no TOTP).

The first time I tried it, everything worked as expected and my VPN client authenticated, but I got my firewall rules wrong so no traffic was allowed. While I was trying to find that problem, in the course of deleting and re-creating VPN servers / users / certificates I now have got myself to a state where when I try to export client configurations, no clients are listed under "Client Install Packages". Instead, it says "Authentication Only (no cert)".

The help topic here says "If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager". I only have a single CA, and it was used for all the certs and is selected in the VPN server config.

I am pretty sure I have set up the CA, server cert, user account, and user cert correctly. I've deleted and re-created CA, certs, user account and VPN server several times with the same result. What am I missing?

Thanks in advance for your assistance.