Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN client remotely download
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN client remotely download (Read 2283 times)
bdario
Jr. Member
Posts: 63
Karma: 2
OpenVPN client remotely download
«
on:
March 18, 2022, 09:29:52 am »
Hello folks,
Opnsense 21.7.8
Is there a way to remotely download the VPN client configuration?
Currently I have to connect to the firewall as root, go to VPN - OpenVPN - Client Export and choose the certificate to download in Archive format then pass the file to the user to insert it in the OpenVPN client.
I wish customers could download the certificate by connecting remotely to the firewall (Palo Alto Global Protect style).
Thanks for your help
Best regards
Dario
Logged
adn77
Newbie
Posts: 23
Karma: 2
Re: OpenVPN client remotely download
«
Reply #1 on:
March 18, 2022, 09:58:53 am »
You could create a group and assign GUI privileges to members of that group.
Beware, that exposes all VPN configs!!!
I would welcome improvements about attaching ACLs to specific configurations
Logged
bdario
Jr. Member
Posts: 63
Karma: 2
Re: OpenVPN client remotely download
«
Reply #2 on:
March 18, 2022, 10:18:01 am »
Thank you adn77 but this's not what I'm lookig for.
I need to connect from remote with my credential (stored into the firewall) and download only my certificte, like Watchguard and PaloAlto done.
Best regards.
Dario
Logged
adn77
Newbie
Posts: 23
Karma: 2
Re: OpenVPN client remotely download
«
Reply #3 on:
March 20, 2022, 10:31:17 pm »
I have my users logon with their login credentials to the firewall.
Access rights granted are the change password screen (where they can setup OTP) and the VPN config screen as I showed in the attached image.
As i said, currently this exposes all VPN configs and only works in the totally unsecure way if there's a single VPN config for everybody.
IMHO it should be doable to attach a GUI-ACL to each VPN config export. That way a user would only see the config which contains his certificate. If somebody could point me at where and how to implement, I'd be more than willing to
Logged
bdario
Jr. Member
Posts: 63
Karma: 2
Re: OpenVPN client remotely download
«
Reply #4 on:
March 21, 2022, 08:04:40 am »
Hello adn77, nice to read from you.
what you suggest to me is a solution that I had already identified but it is not applicable because each user can download all the certificates.
I am looking for a solution to enable each user to be able to download only the certificate linked to its username, but apparently this is not possible.
Thanks for your kind cooperation.
Best regards.
Dario.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN client remotely download