Messages

I mean the certificate check on the vpn in relation to the linked user certificate.

Currently it's more a UI thing as it is not enforced i think. Is the intention to still make it possible to manually(/api) connect a user to any certificate and enforce this relationship on openvpn auth?

I mean the connection between the certificate and user in the opnsense UI.

Agree to disagree.

As a sysadmin i am the one who decides on what certificate belongs to what user. Not any kind of rule from any kind of system.

If i decide the issue a certificate per user device it will never match the username because i use the device name.

It still would be nice to be able to connect the user to that certificate. It would be even better if opnsense would enforce the certificate usage to only the given user or users if that certificate is linked to more than one user.

@franco could u elaborate on the direction opnsense is going with this. And/or any other places where we could have a discussion on it.

Here is a link to a related issue: https://github.com/opnsense/core/issues/7845

I noticed the same issue.

As a side note i don't think opnsense does much with the certificate connection to the user but still it should be possible.