OpenVPN SSL/TLS Peer to Multipeer
-
Hello everyone,
I'm working on a setup using a peer-to-multipeer topology (one VPN server accepting several clients with client certificates) and Client Specific Overrides.
I have some questions on the relation between the certificate common name (X.509 common name), the Hostname value under certificate attributes while creating the certificate, the common name under Client Specific Overrides, and the actual hostname of the client.
What is related to what? Does the client specific override happen based on the certificate common name? Do we have to add the hostname under the certificate attributes, or is it not needed? And finally, does the actual client hostname have anything to do with the connection?
Thanks for any comments.
-
@Bambos said in OpenVPN SSL/TLS Peer to Multipeer:
Does the client specific override happen based on the certificate common name?
By default, it does. You can change it to username with "Username as Common Name" in the server settings.
Do we have to add the hostname under the certificate attributes, or is it not needed?
Don't know where you see this option. But it might not be related to a client certificate anyway.
And finally, does the actual client hostname have anything to do with the connection?
No. The server doesn't see it.
-
@viragomann Thanks a lot for your comments.
Username as common name: to my understanding this is for user remote-access VPN using a per-user certificate.
Hostname under certificate attributes: while creating the client certificate.
If we create the certificate with an alternative hostname, does this mean that we can use both username and hostname in the settings of Username as Common Name? Not very clear to me, and the documentation does not expand on this.
-
@Bambos
When stating an alternative hostname, pfSense generates a SAN certificate. There is no reasonable case for me to do this with a user certificate, however. The CSO check verifies only one value, either the common name of the client certificate or the username, not both. As mentioned, which one to use can be set in the server settings.