Not seeing client install packages under Client Export in openVPN

[jljb66]

running:

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

I have configured the authoritative and server certificates, user name and cert but when I try to perform the client export i do not see "link to openvpn clients" at the bottom of the page. In addition I see an option "export type" which is not in the documentation.

AM I missing something? see screenshot for info.

[jljb66]

bump..

any ideas please?

[BoratsBodyguard]

The same exact issue here.  Anyone know how to work around this or what I may have missed?

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

[lshantz]

I had mine working just fine, but due to a major configuration issue with the DMZ and LAN we had to restore back to an earlier version and had to redo the OpenVPN. Mine is multi-factor and I could connect fine, but could not get out to the internet or internal net. It should have worked, but I think I made the mistake of assuming something was corrupt and deleted my OpenVPN server, reinstalling OpenVPN and starting "over".

Well now I'm really hosed. I have lost the user link to export. I even created a new certificate in an attempt to redo everything. Still no go. So at this point, I don't know if an update has borked it, I have corrupted something, or the process has changed and the docs don't reflect it.

[jan]

I have the exact same isue

There is no "Client Install Packages" entry under "VPN: OpenVPN: Client Export" after configuring VPN Server

  OPNsense 19.7.6-amd64
  FreeBSD 11.2-RELEASE-p14-HBSD
  OpenSSL 1.0.2t 10 Sep 2019

This installation is some years old and has always been updated. Maybe we lost some features on this way?

Thanks
Jan

[lshantz]

I'll take a chance someone will see this. I finally decided to come back and revisit this and found that I had the wrong certificate in the Client export. It is showing "SSLVPN Server Certificate" and I believe it should be the user certificate. I can not for the life of me figure out where to change this. I thought that maybe if I deleted the linked user certificate under my user id might force it. Alas, when I went to select System/Access/User/User Certificate, I chose use existing certificate. Nothing came up. Just 2 boxes to past raw certificate data. I tried about 5 times, and all of a sudden it popped up. I am wondering if I have uncovered a bug?

More importantly, how do I change the certificate under VPN/OPENVPN/ClientExport/ at the very bottom where is shows Accounts/Certificates mine shows SSLVPN Server Certificate. Linked users are blank. I don't see anywhere in the documentation where to modify this. Anybody?

[mimugmail]

I'll take a chance someone will see this. I finally decided to come back and revisit this and found that I had the wrong certificate in the Client export. It is showing "SSLVPN Server Certificate" and I believe it should be the user certificate. I can not for the life of me figure out where to change this. I thought that maybe if I deleted the linked user certificate under my user id might force it. Alas, when I went to select System/Access/User/User Certificate, I chose use existing certificate. Nothing came up. Just 2 boxes to past raw certificate data. I tried about 5 times, and all of a sudden it popped up. I am wondering if I have uncovered a bug?

More importantly, how do I change the certificate under VPN/OPENVPN/ClientExport/ at the very bottom where is shows Accounts/Certificates mine shows SSLVPN Server Certificate. Linked users are blank. I don't see anywhere in the documentation where to modify this. Anybody?

It seems you have 2 CA's and the server certificate the server runs is from a different CA than the one from the client, so it will not be  shown.
Just be sure to use one CA and no groups at the beginning to have a first success

[lshantz]

I've not added or changed certificates. It did work originally, but then after some unknown issues, it quit working. I have never managed to get it working right since.

[mimugmail]

Screenshots of OpenVPN Server, Client Export and certificates

[lshantz]

Well they say a picture is worth a 1,000 words, so hopefully this will help.
Pic 1

[lshantz]

pic2

[lshantz]

pic 3

[lshantz]

pic4

[mimugmail]

You set Server Mode to User Auth, this means there is no client certificates required. Thats it

[lshantz]

This is confusing to me. So if no client certificate required, does this explain why there are no linked users?