Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
OpenVPN No Client Export Option - The Solution You're Probably Looking For...
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN No Client Export Option - The Solution You're Probably Looking For... (Read 4730 times)
anomaly0617
Jr. Member
Posts: 50
Karma: 0
OpenVPN No Client Export Option - The Solution You're Probably Looking For...
«
on:
June 29, 2021, 09:52:30 pm »
See
https://forum.opnsense.org/index.php?topic=13354.0
. You cannot reply to archived threads, so I'm creating a new thread here.
Every once in awhile I have this problem as well, and figuring it out is a pain in the butt, because not everyone does OpenVPN the same. In our case, we use Active Directory as the back end authentication mechanism. When the "Client Export" page has no link at the bottom, you start to pull your hair out trying to figure out what you did wrong... so here's the answer...
Look at the certificate you linked to in your OpenVPN Server configuration. Grab it's name and then go to System > Trust > Certificates. Is it Self-Signed? If so, that's your issue.
Make sure you have a Certificate Authority for your firewall. Add one under Trust > Authorities > Add. It can be Self-Signed, because it's a Certificate Authority (ie: Something that can create and issue certificates).
Next, create a new Certificate under System > Trust> Certificates.
Create an
Internal Certificate
.
For Certificate Authority, choose the
Certificate Authority you created above
.
Under Type, make sure you select
Server Certificate
.
I usually set the Lifetime of this certificate to something like 3650 (10 Years). You likely don't want to have to reissue VPN profiles to users that often.
Fill in all the information. Under Common Name, give it something unique, like
SSLVPN Certificate
or something similar.
Save it, and let's go back to OpenVPN Servers.
VPN > OpenVPN > Servers
Edit Your Server.
Under the Cryptographic Settings section, look at Server Certificate and select the one you just created.
Go to the bottom and click Save.
Go to VPN > OpenVPN > Client Export. You should now have a link to select.
I'm a fan of "File Only" because it bundles everything up into one nice file for OpenVPN to import.
I also change the Hostname to a DNS resolvable name. This makes life easier when you change ISPs.
Hope this helps!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
OpenVPN No Client Export Option - The Solution You're Probably Looking For...