Messages - dzany

#1
Hello,

We are using OpenVPN on OPNsense, and we would like to restrict the use of the client configuration to company-owned devices. So, for example, users cannot just copy the client configuration to some other device and connect. We are using per-client certificates and TOTP, but I would also like to be sure from which device the client connects.

I was thinking about checking the device UUID or some MAC address of the client device, using some after-auth script. But that should work on macOS, Windows, Linux, Android, and iPhone devices. Any thoughts on this subject?
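
The device check described in the post above could look like the following sketch, which is an added example and not part of the original post or of OPNsense. It assumes the script is wired in as an OpenVPN `client-connect` hook, that clients are configured with `push-peer-info` so the server sees `IV_HWADDR` and `common_name` in the script environment, and that the allowlist (`ALLOWED_DEVICES`, with constructed sample values) is maintained by the administrator.

```python
#!/usr/bin/env python3
"""Added example: per-certificate device allowlist for a client-connect hook."""
import os
import sys

# Constructed sample data: certificate CN -> device IDs enrolled for that user.
# OpenVPN 2.x clients report a MAC address in IV_HWADDR; other clients may
# report a UUID-style string, so both shapes are stored as opaque IDs.
ALLOWED_DEVICES = {
    "alice": {"00:11:22:33:44:55"},
    "bob": {"3f2c9a7e-1d4b-4c6a-9e0f-5b7a8c9d0e1f", "66:77:88:99:AA:BB"},
}


def normalize(device_id):
    """Trim and lower-case so formatting differences do not cause mismatches."""
    return device_id.strip().lower()


def device_allowed(env, allowed=ALLOWED_DEVICES):
    """Return (ok, reason) for one connecting client, failing closed."""
    cn = env.get("common_name", "")
    reported = normalize(env.get("IV_HWADDR", ""))
    enrolled = allowed.get(cn)
    if enrolled is None:
        return False, "no devices enrolled for CN %r" % cn
    if not reported:
        # Client sent no peer info (push-peer-info missing): reject.
        return False, "client sent no IV_HWADDR"
    if reported in {normalize(d) for d in enrolled}:
        return True, "device matches enrollment for CN %r" % cn
    # Valid certificate presented from a device that was never enrolled.
    return False, "IV_HWADDR %r not enrolled for CN %r" % (reported, cn)


if __name__ == "__main__":
    ok, reason = device_allowed(os.environ)
    # stderr ends up in the OpenVPN server log, useful for alerting on rejects.
    print("device-check: %s" % reason, file=sys.stderr)
    sys.exit(0 if ok else 1)  # non-zero exit makes OpenVPN drop the client
```

`IV_HWADDR` is reported by the client itself, so this check raises the bar against casual copying of a profile but does not replace a certificate key held in hardware or an MDM-managed keystore. Logged rejections are worth alerting on, since they indicate a valid certificate being used from an unenrolled device.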
#2
Hi all, I hope I got to the correct subforum, and hello to all, this is my first post here :)

I have a reverse proxy in front of the OPNsense GUI for some specific reasons. I want to use fail2ban as an additional guard against failed logins to the OPNsense GUI because it needs to be accessible from outside the network, so the users can change their own VPN passwords and get their TOTP QR code by themselves.

My problem is that the OPNsense GUI is actually returning HTTP status 200 instead of 401 when the username/password combination is incorrect. Is there any quick fix available, or could it be requested to get fixed in some next release?

Thank you!