Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
OpenVPN and certifcate issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN and certifcate issue (Read 4609 times)
lshantz
Full Member
Posts: 109
Karma: 3
OpenVPN and certifcate issue
«
on:
July 25, 2020, 02:58:02 am »
At one point I had my OpenVPN working just fine and awhile back, it quit working, and I borked it so badly it has never worked since. I made the mistake of posting this question on an OLD thread. I finally found this place to post.
I finally decided to come back and revisit this and found that I had the wrong certificate in the Client export. It is showing "SSLVPN Server Certificate" and I believe it should be the user certificate. I can not for the life of me figure out where to change this. I thought that maybe if I deleted the linked user certificate under my user id might force it. Alas, when I went to select System/Access/User/User Certificate, I chose use existing certificate. Nothing came up. Just 2 boxes to past raw certificate data. I tried about 5 times, and all of a sudden it popped up. I am wondering if I have uncovered a bug?
More importantly, how do I change the certificate under VPN/OPENVPN/ClientExport/ at the very bottom where is shows Accounts/Certificates mine shows SSLVPN Server Certificate. Linked users are blank. I don't see anywhere in the documentation where to modify this. Anybody?
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: OpenVPN and certifcate issue
«
Reply #1 on:
July 25, 2020, 07:56:30 am »
In client export only certficates are listed which were created by the same CA used by the openvpn server itself.
Just check if they are same
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
lshantz
Full Member
Posts: 109
Karma: 3
Re: OpenVPN and certifcate issue
«
Reply #2 on:
July 25, 2020, 08:42:08 pm »
Okay, so if I understand... The exported certificate should be the same as the server certificate on the vpn server?
The documentation seemed to indicate that the exported Certificate should be a user certificate. The failure I'm seeing in the logs is: error=unsupported certificate purpose. So I was assuming this matched with what I saw in the docs.
The other thing that seems odd to me, is in VPN/OPENVPN/Client export/ under linked users: nothing. Should I not see the name of the user there?
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: OpenVPN and certifcate issue
«
Reply #3 on:
July 25, 2020, 11:23:02 pm »
No, they should both be created by the same CA
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
lshantz
Full Member
Posts: 109
Karma: 3
Re: OpenVPN and certifcate issue
«
Reply #4 on:
July 26, 2020, 01:38:55 am »
Your answer is cryptic, incomplete and confusing.
No, certificate should be the same. So server for the export, not user. ? The rest is unanswered
«
Last Edit: July 26, 2020, 01:41:02 am by lshantz
»
Logged
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: OpenVPN and certifcate issue
«
Reply #5 on:
July 26, 2020, 06:53:31 am »
See my post in other thread
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: OpenVPN and certifcate issue
«
Reply #6 on:
July 26, 2020, 10:13:01 am »
X509 PKI is fairly straightforward;
https://techblognow.wordpress.com/2015/02/20/x-509-certificates-explained/
It is all just text and you can combine client cert, key and CA cert into a single .ovpn file with all the other options:
dev tun
cipher ...
client
remote ...
auth-user-pass
...
<ca>
-----BEGIN CERTIFICATE-----
...text...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...text...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...text...
-----END PRIVATE KEY-----
</key>
Full details are here:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Bart...
Logged
lshantz
Full Member
Posts: 109
Karma: 3
Re: OpenVPN and certifcate issue
«
Reply #7 on:
July 26, 2020, 08:32:29 pm »
Thanks! I think that may make more sense. I'm not sure if there is a problem with the GUI or it isn't clear or what. I used openvpn in Pfsense for over a year. When I made the switch, I got it working and then after around 1 month it stopped after an upgrade. I've never got it working again in Opnsense.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
20.7 Legacy Series
»
OpenVPN and certifcate issue