Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - jensl

Pages1
#1
25.1, 25.4 Series / Re: OpenVPN Instances strict cn matching wont work
September 19, 2025, 05:30:55 PM
hey
just found time to create an new ca completty free of any underscores and stuff - it seems like this worked (had some strange bugs before getting there bc it seems that he confused an old vpn with the new one and didnt allowed me to download the right certs at the start)

i will have a deeper look into the rest but thank you for all the help!
#2
25.1, 25.4 Series / Re: OpenVPN Instances strict cn matching wont work
September 15, 2025, 05:33:14 PM
sorry my fault - i copied the wrong one:
Code Select
        Issuer: C = DE, ST = State, L = CITY, O = FIRM e.V., CN = New_FIRM_VPNCA2
        Validity
            Not Before: Sep 11 13:41:55 2025 GMT
            Not After : Jul 25 13:41:55 2036 GMT
        Subject: C = DE, ST = State, L = CITY, O = FIRM e.V., CN = vpnadmintest
the comma was an copy error - but two things confusing me: the ca cn has _ in it - also the firm name has dots in it -> maybe there is a problem?
#3
25.1, 25.4 Series / Re: OpenVPN Instances strict cn matching wont work
September 15, 2025, 12:25:34 PM
hey just checked the cn it looks tootaly fine:

Code Select
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: C = DE, ST = state, L = city, O = firm, CN = New_Medico_VPNCA2
        Validity
            Not Before: Jun 11 13:42:53 2025 GMT
            Not After : Jul 13 13:42:53 2026 GMT
        Subject: C = DE, ST = state, L = city, O = firm,, CN = vpn_jensl
#4
25.1, 25.4 Series / Re: OpenVPN Instances strict cn matching wont work
September 11, 2025, 03:50:09 PM
Hey sorry for the late response, i didnt got an notifaction from the board, i created an new account named vpnadmintest (no cases, no special characters and no underscores or anything) - still get the same error,
i created the cn without any changes (clicked search certificates for that user and then created an new one - so the cn should be matching shouldnt it?

Code Select
Warningopenvpn Username does not match certificate common name (vpnadmintest != ), access denied.
#5
25.1, 25.4 Series / OpenVPN Instances strict cn matching wont work
June 11, 2025, 04:09:26 PM
Hey,
i am troubled and dont find any way to solve this issues, so maybe someone here can give me a clue what i am doing wrong:

I did create an new instances for an openvpn server and i wanted to activate the strict cn matching feature, but when i do i cant connect:
Client gets an Auth Error
and the Log shows me the following:
Username does not match certificate common name (vpn_jensl != ), access denied.

I am very confused because my username is matching the common name (vpn_jensl) even the description of the cert
any ideas where to look deeper into that issue?
thx!
#6
High availability / Re: Instructions for HA + PPPoE
May 05, 2025, 11:49:33 AM
i am on the same boat - did u accomplish it?
#7
German - Deutsch / Re: Routing Problem zwischen VLANs
July 31, 2023, 01:36:00 PM
montag morgen.... dachte zwar ich hatte genau diese kombi (in und im lan aus dem es herausgeht) eingerichtet aber gut... jetzt funzt es...
Seltsam fand ich nur wiedermal fürs Bugfixing:
Warum habe ich erfolgreiche Verbindungen im Firewall Live Log? Wie kann ich mir das Suchen erleichtern? Was verstehe ich hier falsch? Bzw. wie geht ihr am besten vor?

VIELEN DANK jedenfalls schonmal
#8
German - Deutsch / Routing Problem zwischen VLANs
July 31, 2023, 12:10:20 PM
Liebes Forum,
ich hab so ein Problem und ich komm per tue nicht weiter, vlt hat jemand ne Idee oder ne Richtung in die ich weiter gucken kann,
ich verstehe es einfach nicht - ich habe mehre VLANs unteranderem eins für das Guest WLAN - in dem liegt ein Gerät dass aus dem Server/Monitoring VLAN erreichbar sein soll auf Port 6556. Nun habe ich dafür im Guest WLAN eine IN Rule mit der IP des Gerätes/32 und Port erstellt. Klappt nicht. Im Log der Firewall sehe ich aber diesen seltsamen Vorgang:

WAN      2023-07-31T12:01:39   Gateway IP   192.168.100.40   icmp   let out anything from firewall host itself (force gw)
LAN_Clients      2023-07-31T12:01:39   172.16.10.4   192.168.100.40   icmp   
WAN      2023-07-31T12:01:34   Gateway IP   192.168.100.40:6556   tcp   let out anything from firewall host itself (force gw)
LAN_Clients      2023-07-31T12:01:34   172.16.10.4:49688   192.168.100.40:6556   tcp   
WAN   2023-07-31T12:01:34   Gateway IP   192.168.100.40:7680   tcp   let out anything from firewall host itself (force gw)
LAN_Clients      2023-07-31T12:01:34   172.16.10.100:55469   192.168.100.40:7680   tcp

Er versucht und kommt jedesmal durch auf die IP des Gerätes 192.168.100.40:6556, dann aber macht er eine zweite Connectionen direkt dannach über den Internet Gateway (bzw. dort sehe ich dann die IP Adresse).
Das passt insofern dazu das ich vor Wochen etwas an dem Gateway ändern musste (Umstellung von Gatewaygroup mit Fallback auf eine Leitung dank Glasfaser). Ich komme nur nicht dahinter was ich falsch mache.

Die Firewall Rules werden wohl auch nicht genutzt (sehe nichts wenn ich auf Inspect gehe)

Habt ihr Ideen wo ich gerade festhänge? Wo soll ich weiter schauen
Dank euch!   
#9
General Discussion / Re: 3cx - ports not match
April 11, 2023, 06:33:04 PM
hey,
yeah i create an outbound rule - not quite sure if there is any option to put it "before" other rules?
change the mode to hybrid

(i did.... produced me quite some work the last week, but seems like they used it as an wakeup call and changed finally some other problems too)
#10
General Discussion / 3cx - ports not match
April 11, 2023, 05:47:15 PM
HELLO,

I have a freshley installated 3CX on an hyper-v (Debian install). bevor that is an opnsense, that should be configured like this:
[URL unfurl="true"]https://www.3cx.com/docs/pfsense-firewall/[/URL]

sadly i get the following errors when running the firewall check of the 3cx
testing port 5090... Mapping does not match 5090. Mapping is 15454. (How to resolve?)
testing ports [9000..9398]... failed (How to resolve?)
testing port 9000... Mapping does not match 9000. Mapping is 37427. (How to resolve?)
testing port 9002... Mapping does not match 9002. Mapping is 3031. (How to resolve?)
testing port 9004... Mapping does not match 9004. Mapping is 50285. (How to resolve?)
testing port 9006... Mapping does not match 9006. Mapping is 59049. (How to resolve?)
testing port 9008... Mapping does not match 9008. Mapping is 45467. (How to resolve?)
testing port 9010... Mapping does not match 9010. Mapping is 49269. (How to resolve?)
does anyone have any idea where i can look for further help?
i usuing an fibre connection with multiple ip adresses (the second one is used for the 3cx) and an cable connection for the normal internet.
the dns is running on an active directory and is configured for split dns.
#11
Virtual private networks / Re: OpenVPN sometimes doesnt allow network traffic
June 10, 2022, 09:24:16 AM
sadly no - sometimes i had the feeling it worked that way, but as this isnt reproducable i have to say no
#12
Virtual private networks / OpenVPN sometimes doesnt allow network traffic
June 08, 2022, 12:05:11 PM
Hello,

i have an opnensene running with three openvpn servers all with an different port.
The connection to the first twos (one is for admins, the second for the home office) is working fine.
the third one is making some troubles, that are hard to reproduce.

I limited the third one with the firewall to allow only a connection to one ip, besides that all the settings are the same as they are described in the documentation.

Sometimes i get clients who are conencted (opensense and the client are showing that they are) but cant reach that server. In some occasssions i saw that it took like 1-2 minutes after connection and then it worked...

Do u have any idea what i am doing wrong?
Pages1