OpenVPN - High Availability Synchronize - Client Specific overrides

Started by R1mSG, September 18, 2023, 11:56:37 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 18, 2023, 11:56:37 AM
Hey,


after the Client Specific overrides were changed in the last updates, I noticed that they are not synchronized via High Availability Synchronize at all.

The options under System: High Availability: Settings are all set.
Is this the way it should be?
I could not find anything about this anywhere.


Greetings,
R1mSG
September 20, 2023, 08:44:19 PM #1
Hello,

I think you are facing the same problem like me.
See: https://forum.opnsense.org/index.php?topic=36069.0

Because the CSO part of the configuration xml file is missing, it cannot be synchronized to your other HA opnsense.
Backup your config and look in the xml file at the openvpn-client section.
Does it contain sections like this?
<openvpn-csc>
<common_name>user-name</common_name>
<description>user-name</description>
<tunnel_network>10.11.11.3/24</tunnel_network>
<ovpn_servers>1</ovpn_servers>
</openvpn-csc>


Regards
October 04, 2023, 04:07:01 PM #2
Hey,

sorry for the late feedback.

It seems to work again in the meantime.
I tested it with several firewalls and it worked with all of them without any problems.
Why it didn't work with all of them bevor, I can't say.

About the "<openvpn-csc>" entries.
Yes, they are no longer included in the config.xml files.
But I rather assume that these were replaced in the last updates by "<Overwrite uuid" entries.
At least in old backups I can find the "<openvpn-csc>" entries in any case.
But I have not deep dived into the whole thing.

Greetings,
R1mSG
Print
Go Up Pages1
User actions