Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Not seeing client install packages under Client Export in openVPN
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: Not seeing client install packages under Client Export in openVPN (Read 34564 times)
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #15 on:
July 26, 2020, 08:54:30 pm »
When you don't use client certificates every config file is the same. You can just distribute one file to all users and only facor is user/pw
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
lshantz
Full Member
Posts: 109
Karma: 3
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #16 on:
July 26, 2020, 08:58:49 pm »
Uh oh.. that is not good then. I was using the Google authenticator to make it more secure, but I think I should change the setup, so each has their own key.
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #17 on:
July 26, 2020, 09:10:32 pm »
Hm, I just checked the official guide and there is the error too, I'll fix that:
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
Just use User Auth + Certificate, then you'll also see the users in client export
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
lshantz
Full Member
Posts: 109
Karma: 3
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #18 on:
July 28, 2020, 02:58:10 am »
I thought I would come back and report back what some of my problems were, since one of the querstions I asked was never really answered.
Under OpenVPN client export I thought it was odd that a username was not "linked". I new it had to be a certificate issue and I was loath to start creating new ones, since I was sure it worked before. I followed instructions awhile back that said to use an intermediate CA. I kind of forgot about and kept going in a rotary fashion until I started reading up on the OpenVPN website about certificates and it finally dawned on me. Select the Intermediate CA for Peer Certificate of Authority. Boom!!! Now it shows the linked user as it should.
I am now multi factor again, and working. Thanks all for helping
I'll back this sucker up and save it in case it borks again.
One more little question. They talk about talking the main CA and removing it and putting it on a thumb drive and storing. Does anyone do that? I did find where the server CA's are stored, but I'm not anxious to bork things right away. Will enjoy my newfound freedom on the road next week.
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #19 on:
July 28, 2020, 06:19:38 am »
The key for the CA is saved without password and sits on your outside border. This is usually not a safe design for enterprises.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
lshantz
Full Member
Posts: 109
Karma: 3
Re: Not seeing client install packages under Client Export in openVPN
«
Reply #20 on:
July 29, 2020, 12:29:37 am »
Well if it weren't for bad luck I would not have any.
I got the system working, backed it up immediately. I then proceeded to try to do some work on the internal NAS. No connection. Nobody could see the internal network from the wireless. It is segmented and rules allow trusted devices only to connect. After some trouble shooting, I decided to pull a previous backup config file in case I had messed it up. System never came back up.
I hooked up a monitor and keyboard and the derned thing was hung in boot. I assumed the /root was corrupt. fiddled with it for hours and could not fix it. Fortunately I had a spare box, and pulled the data onto this new box.
So at least I'm up and running for work today, but.... VPN is hosed again. I am assumed each instance of an installation gets a unique hash/fingerprint, so that I will need to redo just the export for the client, or do I have to run new CA's? I am just now back up after 4 hours sleep and thought I'd ask, since there is an off chance it might help someone else.
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Not seeing client install packages under Client Export in openVPN