Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Bug in Client Export Utility

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 3 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xl
      last edited by

      Hello! Just found a strange thing.

      When server is set to SSL/TLS + User Auth Client Export Utility show no configs for export.
      When server is set to TLS only or User Auth only Client Export Utility show all needed configs for exports.

      It is a bug? Or it is something that I missing?

      2.3.4-RELEASE (amd64), just installed Client Export Utility.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Are the certificates associated with users under System > User Manager?

        It's not enough that the certificates have the same name, they have to be certificates listed on the appropriate user in the User Manager. SSL/TLS mode will show any certificate from the CA. User Auth mode will show any user from the user manager. But for SSL/TLS+User Auth they must be tied together.

        So for example, if I have a user named "jimp" and a certificate with a cn "jimp", it wouldn't show in the export list for SSL/TLS+User Auth unless the "jimp" certificate was listed under the "jimp" user entry in the user manager. And also it has to be from the same CA as the OpenVPN server, naturally.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • X
          xl
          last edited by

          Thank you, I think it would be helpful if someone add that information to this message in Client Export Utility - "If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, or the client certificate does not exist on this firewall."  :)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Ah - so like the info a bleach that says do not drink this ;)

            that wording is already on the wiki doc btw

            https://doc.pfsense.org/index.php/OpenVPN_Client_Export_Package
            "If the list is empty, there are likely no users and/or certificates that exist which use the same Certificate Authority as this VPN server. "

            If you click the little ? mark top right corner of the export package page it takes you there.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.