Messages

1

24.7 Production Series / Re: choose an existing certificate for user in opnsense 24.7.X

« on: October 21, 2024, 09:01:19 am »

I mean the certificate check on the vpn in relation to the linked user certificate.

Currently it's more a UI thing as it is not enforced i think. Is the intention to still make it possible to manually(/api) connect a user to any certificate and enforce this relationship on openvpn auth?

2

24.7 Production Series / Re: choose an existing certificate for user in opnsense 24.7.X

« on: October 17, 2024, 02:35:29 pm »

I mean the connection between the certificate and user in the opnsense UI.

3

24.7 Production Series / Re: choose an existing certificate for user in opnsense 24.7.X

« on: October 17, 2024, 11:14:46 am »

Agree to disagree.

As a sysadmin i am the one who decides on what certificate belongs to what user. Not any kind of rule from any kind of system.

If i decide the issue a certificate per user device it will never match the username because i use the device name.

It still would be nice to be able to connect the user to that certificate. It would be even better if opnsense would enforce the certificate usage to only the given user or users if that certificate is linked to more than one user.

@franco could u elaborate on the direction opnsense is going with this. And/or any other places where we could have a discussion on it.

4

24.7 Production Series / Re: choose an existing certificate for user in opnsense 24.7.X

« on: October 16, 2024, 01:59:27 pm »

Here is a link to a related issue: https://github.com/opnsense/core/issues/7845

5

24.7 Production Series / Re: choose an existing certificate for user in opnsense 24.7.X

« on: October 15, 2024, 09:48:24 am »

I noticed the same issue.

As a side note i don't think opnsense does much with the certificate connection to the user but still it should be possible.