Messages

1

23.7 Legacy Series / Re: OpenVPN - High Availability Synchronize - Client Specific overrides

« on: September 20, 2023, 08:44:19 pm »

Hello,

I think you are facing the same problem like me.
See: https://forum.opnsense.org/index.php?topic=36069.0

Because the CSO part of the configuration xml file is missing, it cannot be synchronized to your other HA opnsense.
Backup your config and look in the xml file at the openvpn-client section.
Does it contain sections like this?
<openvpn-csc>
<common_name>user-name</common_name>
<description>user-name</description>
<tunnel_network>10.11.11.3/24</tunnel_network>
<ovpn_servers>1</ovpn_servers>
</openvpn-csc>


Regards

2

23.7 Legacy Series / openvpn CSO not working again after updating to 23.7

« on: September 20, 2023, 05:31:31 pm »

Hello,

I have updated OPNsense to 23.7, everything went smoothly.
After a few days, some of the VPN users started complaining that their CSO settings are not getting applied.
In the GUI everything is fine, but when I look into /var/etc/openvpn-csc/1/ , I saw that some of the files have vanished.
I tried changing something in GUI at CSO section with hope that the file will be regenerated, but no luck.
I tried chmod 777 /var/etc/openvpn-csc/1, maybe some process does not have permission to write in this folder, no luck.
As workaround I manually created a file for a specific user, and openvpn successfully used it at next re-connection.
I'm using OPNsense 23.7.4.
Also the last backup before 23.7 contains the CSO settings in the xml , after the openvpn section:
</openvpn-server>
<openvpn-client/>
<openvpn-csc>
<common_name>user-name</common_name>
<description>user-name</description>
<tunnel_network>10.11.11.3/24</tunnel_network>
<ovpn_servers>1</ovpn_servers>
</openvpn-csc>

The backup after upgrading does not contain any openvpn-csc lines:
</openvpn-server>
<openvpn-client/>
</openvpn>
<ppps>
<ppp/>
</ppps>

Does any one else encountered the same situation?

Thank you!