OpenVPN CSO not write changes on filesystem - bug?

[cbs1]

Hello, we have got one problem:

Since about 1 month when we create a new OpenVPN CSO (client specific override) over the gui then nothing happens. After i research the problem i found out that on the file system (/var/etc/openvpn-csc/1) the entry doesn't will be write as a file. Therefore i change some of the existing entrys and even these entrys doesn't change on the filesystem. Is this a known bug or a configuration problem?

Version 18.7.7 in a VM

Thanks a lot.
Sascha

[mimugmail]

It gets created when logging in. Can you verify this?

[cbs1]

Thanks for the fast reply, no the client get a ip address from the pool like there is no cso. But the old created cso works fine.

Greetings
Sascha

[mimugmail]

And the CSO is chained to the correct server instance?

[cbs1]

Yes - if I manually write a "cso" file to the correct folder for the instance, it works (but i dont see it in gui - was only for testing) - but even if remove an existing entry in the gui, the CSO file is not deleted and the client still gets the old cso.

[fabio]

Maybe try to flag the server option 'Force CSO Login Matching'
That use the login name instead the certificate CN to manage the CSO

--
Fabio

[cbs1]

Thanks, i knew this option but we authorize by certificate CN not by login name

[mimugmail]

And you are using Remote Access at the server type?
You are sure your users are correctly logged out and try again?

[cbs1]

Yes we use remote access, the problem exists also when the whole opnsense is restarted.

The problem started about 1 - 2 month ago, before it worked with the same settings also when added new cso rules over 2 years. I think the problem has started after an update/upgrade but i'm not sure.

Thanks a lot
Sascha

[mimugmail]

Yep, the whole logic was reworked. Do you have some logs for me?