Messages

1

20.1 Legacy Series / Re: OpenVPN Client export for mobile devices missing

« on: April 03, 2020, 08:18:01 pm »

Did you ever find an answer to your question? I am wondering the exact same thing.

The documentation even shows there should be export options for Android and iOS.
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html#android

2

20.1 Legacy Series / Bug in LDAP implementation?

« on: March 17, 2020, 04:37:34 am »

Hello!
My goal is to use LDAP to authenticate admins from my LDAP Administrators group and also authenticate OpenVPN users from my LDAP OpenVPN group.

What I've done is I've added an LDAP server (Jumpcloud) and have successfully imported users from my LDAP Administrators group to the Opnsense admin group.

I added a 2nd LDAP server (also Jumpcloud) but with the Extended Query line modified to point at my OpenVPN Group. Both LDAP servers are identical except for the Extended Query line. Either Server will work independently as intended if the other is disabled in System > Settings > Administration > Authentication.

The problem is only one sever works if both are enabled. When I hit the cloud import button, it only shows me users from one of the LDAP servers. I'm trying to import users from the Administrators group for administrator users, and import users from the OpenVPN group for use in OpenVPN authentication. It seems I can only import from one group or the other when both LDAP servers are enabled.

More information: Both LDAP servers are identical except for the Extended Query line.
Administrator Users:

Code: [Select]

&(memberOf=CN=Administrators,ou=Users,o=MYORGID,DC=jumpcloud,DC=com)OpenVPN Users:

Code: [Select]

&(memberOf=CN=OpenVPN,ou=Users,o=MYORGID,DC=jumpcloud,DC=com)
This feels like a bug, simply because both servers work perfectly independently. What can I do to import from both groups simultaneously?

3

19.7 Legacy Series / Regenerate Self-Signed Web GUI SSL Certificate

« on: December 09, 2019, 02:23:43 am »

Hello,
Is there a way to replay the generation of a new self-signed certificate like the one that was created when I installed OPNSense?

 I restored a backup of my firewall and somehow the webGUI ssl certificate has become corrupted. I switched back to HTTP to regain access to the web GUI but I cannot enable SSL without a valid certificate. The web gui won't let me just create a self-signed certificate. It has to have a CA associated with it. That would be fine but the original web gui certificate didn't require a CA.

Can someone help?

4

19.1 Legacy Series / Multi-Wan OpenVPN routing broken

« on: May 08, 2019, 06:24:09 pm »

Hello,
I am desperately trying to make OpenVPN work for me in my environment, but there is a very fundamental routing issue that I have discovered with 19.1.4. Let me explain:

I am doing a site-to-site OpenVPN connection.

------------------------------------------------

Firewall A has 3 WANs, all with static IPs.

Wan1: 173.219.186.XXX (set to default gateway)
Wan2: 65.182.94.XXX
Wan3: 206.166.210.XXX (OpenVPN Server listening on this interface)
Lan: 192.168.163.0/24

------------------------------------------------

Firewall B is very simple, 1 wan, 1 lan.

Wan1: 38.68.2.XXX (Same carrier as Wan3 above)
Lan: 192.168.1.0/24

------------------------------------------------

The problem is the OpenVPN connection gets established on Wan3 (Firewall A shows VPN is UP), but Firewall A returns traffic on whatever interface has the default gateway (Wan1 in my case).

Things to know:
1. If I set the default Gateway on Firewall A to the same interface the OpenVPN Server is listening on, everything works perfectly.
2. The system routing table looks correct (same as my other PFSense firewall setup similar to this one)
3. I've toggled On/Off the following, rebooting after each change. No change in the behavior described:
  3a. Disable force gateway
  3b. Bypass firewall rules for traffic on the same interface
  3c. Use sticky connections

I am at a loss on how to fix this. Can anyone help me troubleshoot this?