OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Newbie VPN troubles
« previous next »
  • Print
Pages: [1]

Author Topic: Newbie VPN troubles  (Read 3595 times)

hooter

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Newbie VPN troubles
« on: November 03, 2016, 06:40:10 pm »
Hi all, this is my first time working with OPNsense. I'm running OPNsense 16.7.7-amd64 and so far my experience has been very positive. Nice work team!

I am running into some trouble with OpenVPN server configuration. I've been using the VPN how-to document as a guide (https://docs.opnsense.org/manual/how-tos/sslvpn_client.html). I am setting it up for certificate + user name/pwd authentication (no TOTP).

The first time I tried it, everything worked as expected and my VPN client authenticated, but I got my firewall rules wrong so no traffic was allowed. While I was trying to find that problem, in the course of deleting and re-creating VPN servers / users / certificates I now have got myself to a state where when I try to export client configurations, no clients are listed under "Client Install Packages". Instead, it says "Authentication Only (no cert)".

The help topic here says "If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager". I only have a single CA, and it was used for all the certs and is selected in the VPN server config.

I am pretty sure I have set up the CA, server cert, user account, and user cert correctly. I've deleted and re-created CA, certs, user account and VPN server several times with the same result. What am I missing?

Thanks in advance for your assistance.
Logged

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
Re: Newbie VPN troubles
« Reply #1 on: November 03, 2016, 08:41:58 pm »
As i understand,
you are able to athenticate but not able to access the devices behind the VPN ?
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.

hooter

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Newbie VPN troubles
« Reply #2 on: November 04, 2016, 02:36:49 am »
The first time I set up the VPN I was able to authenticate but not pass traffic. At the moment I can't even generate a client config because no users are listed in the "export client config" page.
Logged

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
Re: Newbie VPN troubles
« Reply #3 on: November 04, 2016, 03:32:58 pm »
Quote from: hooter on November 04, 2016, 02:36:49 am
The first time I set up the VPN I was able to authenticate but not pass traffic. At the moment I can't even generate a client config because no users are listed in the "export client config" page.

if the first one has worked and you wasnt able to pass the traffic over the VPN, means the firewall rules were not applied correctly on the OPEN VPN internface.
make sure to allow all on the OPEN VPN internface to allow the traffic.

if the users are not listed in the export client config means your certificate configuration is not correctly applied.
i would suggest to check the certificates settings.
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Newbie VPN troubles
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2