Not seeing client install packages under Client Export in openVPN

Started by jljb66, September 26, 2019, 08:23:20 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
September 26, 2019, 08:23:20 PM
running:

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

I have configured the authoritative and server certificates, user name and cert but when I try to perform the client export i do not see "link to openvpn clients" at the bottom of the page. In addition I see an option "export type" which is not in the documentation.

AM I missing something? see screenshot for info.
October 03, 2019, 09:07:45 PM #1
bump..

any ideas please?
October 05, 2019, 09:35:10 AM #2
The same exact issue here.  Anyone know how to work around this or what I may have missed?

OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019
October 21, 2019, 07:50:45 PM #3
I had mine working just fine, but due to a major configuration issue with the DMZ and LAN we had to restore back to an earlier version and had to redo the OpenVPN. Mine is multi-factor and I could connect fine, but could not get out to the internet or internal net. It should have worked, but I think I made the mistake of assuming something was corrupt and deleted my OpenVPN server, reinstalling OpenVPN and starting "over".

Well now I'm really hosed. I have lost the user link to export. I even created a new certificate in an attempt to redo everything. Still no go. So at this point, I don't know if an update has borked it, I have corrupted something, or the process has changed and the docs don't reflect it.
January 18, 2020, 04:20:07 PM #4
I have the exact same isue

There is no "Client Install Packages" entry under "VPN: OpenVPN: Client Export" after configuring VPN Server

  OPNsense 19.7.6-amd64
  FreeBSD 11.2-RELEASE-p14-HBSD
  OpenSSL 1.0.2t 10 Sep 2019

This installation is some years old and has always been updated. Maybe we lost some features on this way?

Thanks
Jan
July 25, 2020, 02:48:52 AM #5
I'll take a chance someone will see this. I finally decided to come back and revisit this and found that I had the wrong certificate in the Client export. It is showing "SSLVPN Server Certificate" and I believe it should be the user certificate. I can not for the life of me figure out where to change this. I thought that maybe if I deleted the linked user certificate under my user id might force it. Alas, when I went to select System/Access/User/User Certificate, I chose use existing certificate. Nothing came up. Just 2 boxes to past raw certificate data. I tried about 5 times, and all of a sudden it popped up. I am wondering if I have uncovered a bug?

More importantly, how do I change the certificate under VPN/OPENVPN/ClientExport/ at the very bottom where is shows Accounts/Certificates mine shows SSLVPN Server Certificate. Linked users are blank. I don't see anywhere in the documentation where to modify this. Anybody?
July 25, 2020, 07:33:34 AM #6
Quote from: lshantz on July 25, 2020, 02:48:52 AM
I'll take a chance someone will see this. I finally decided to come back and revisit this and found that I had the wrong certificate in the Client export. It is showing "SSLVPN Server Certificate" and I believe it should be the user certificate. I can not for the life of me figure out where to change this. I thought that maybe if I deleted the linked user certificate under my user id might force it. Alas, when I went to select System/Access/User/User Certificate, I chose use existing certificate. Nothing came up. Just 2 boxes to past raw certificate data. I tried about 5 times, and all of a sudden it popped up. I am wondering if I have uncovered a bug?

More importantly, how do I change the certificate under VPN/OPENVPN/ClientExport/ at the very bottom where is shows Accounts/Certificates mine shows SSLVPN Server Certificate. Linked users are blank. I don't see anywhere in the documentation where to modify this. Anybody?

It seems you have 2 CA's and the server certificate the server runs is from a different CA than the one from the client, so it will not be  shown.
Just be sure to use one CA and no groups at the beginning to have a first success
July 25, 2020, 08:34:18 PM #7
I've not added or changed certificates. It did work originally, but then after some unknown issues, it quit working. I have never managed to get it working right since.
July 25, 2020, 11:18:53 PM #8
Screenshots of OpenVPN Server, Client Export and certificates
July 26, 2020, 01:31:31 AM #9
Well they say a picture is worth a 1,000 words, so hopefully this will help.
Pic 1
July 26, 2020, 01:32:42 AM #10
pic2
July 26, 2020, 01:35:14 AM #11
pic 3
July 26, 2020, 01:35:48 AM #12
pic4
July 26, 2020, 06:53:02 AM #13
You set Server Mode to User Auth, this means there is no client certificates required. Thats it :)
July 26, 2020, 07:35:16 PM #14
This is confusing to me. So if no client certificate required, does this explain why there are no linked users?
Print
Go Up Pages1 2
User actions