Messages - mdesortis

#1
Hi.
I will try to explain in more depth.

VPN Server has "IPv4 Tunnel Network" set to "192.168.20.0/24"
"Topology" flag is checked.
"Force CSO Login Matching" flag is checked.
No other options specified.

The user I want to log in has the following CSO configuration:
"Common Name" is identical to username
"IPV4 Tunnel Network" is set to "192.168.20.5/24"
No other options specified.

When the user connects to the VPN Server, it always gets the 192.168.20.2 IP address, not 192.168.20.5.

In a previous version of OPNsense (I don't remember which one) I was obliged to set "Force CSO Login Matching" because otherwise the user's CSOs were ignored, as there was no match between username and common name.

#2
So sad, not resolved.

Tried to check and uncheck "Topology", "Dynamic IP" and "Force CSO Login Matching" in several tests using 2 clients, 1 Windows and 1 Android.
In all cases the IP addresses associated with the clients are always the first available (192.168.20.2, 192.168.20.3 ...) even though I use the common name in the CSO configuration.

Do I need to modify any configuration file? XML or so on? Is there a patch that could be installed?
Version is 23.7.6.

Thanks in advance.
Mario.

#3
Quote from: gdur on October 20, 2023, 06:49:48 PM
You have likely missed my previous post in this thread. Follow my solution at https://forum.opnsense.org/index.php?topic=35447.0

If you mean the "Topology" check in the server configuration, it has always been checked and has never been disabled.

#5
Hi All,
I'm Mario and this is my first post on this forum. Pleased to meet you.

I've upgraded OPNsense to version 23.7.6 and tried to reconfigure static IP assignment to my OpenVPN clients, but this does not work.

My OpenVPN server creates the following subnet: 192.168.20.0/24. I want a certain user to log in and always get IP 192.168.20.8, so in the CSO I configured "IPv4 Tunnel network" to "192.168.20.8/32". It does not work. :-[

It seems that CSOs are completely ignored when a client with a specific username is logging in. This was also confirmed by checking the option "Connection blocking"; the user can still log in normally.

It seems that common name and username never match. I also checked "Force CSO Login Matching" but it does not work.

Where am I wrong?
Thanks in advance.
Mario.