16.7 Legacy Series / Newbie VPN troubles
« on: November 03, 2016, 06:40:10 pm »
Hi all, this is my first time working with OPNsense. I'm running OPNsense 16.7.7-amd64 and so far my experience has been very positive. Nice work team!
I am running into some trouble with OpenVPN server configuration. I've been using the VPN how-to document as a guide (https://docs.opnsense.org/manual/how-tos/sslvpn_client.html). I am setting it up for certificate + user name/pwd authentication (no TOTP).
The first time I tried it, everything worked as expected and my VPN client authenticated, but I got my firewall rules wrong so no traffic was allowed. While I was trying to find that problem, in the course of deleting and re-creating VPN servers / users / certificates I now have got myself to a state where when I try to export client configurations, no clients are listed under "Client Install Packages". Instead, it says "Authentication Only (no cert)".
The help topic here says "If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager". I only have a single CA, and it was used for all the certs and is selected in the VPN server config.
I am pretty sure I have set up the CA, server cert, user account, and user cert correctly. I've deleted and re-created CA, certs, user account and VPN server several times with the same result. What am I missing?
Thanks in advance for your assistance.