    OpenVPN Client Export

    • R
      rahvin last edited by

      I've got a problem. Ever since the upgrade to 2.3.1 the Client Export package doesn't show any clients even though I have several.

      I'm not sure if it's related, but when I upgraded to 2.3.1 the upgrade trashed my configuration, I reloaded from a backup and since then no client export.
      ![Screenshot from 2016-05-26 22:31:44.png](/public/imported_attachments/1/Screenshot from 2016-05-26 22:31:44.png)

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        So you see your users with certs in user manager?

        You're saying something happened on your upgrade, guessing your users got trashed too.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        • D
          divsys last edited by

          Actually all you need are user type certificates in Certificate manager, no need to actually create users (unless you want to).

          I agree though, it's likely a fault of a corrupted/mangled config.

          -jfp

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            ^ This is true. If you're only going to do cert auth then all you need is the user certs created by the CA your OpenVPN server is using. You do not need to have actual users in the pfSense user manager for them to show up in the export util.

            I should have worded that a bit better, thanks for the clarification divsys.

            • R
              rahvin last edited by

              My client certs are fine, I don't think the configuration issue is related. I brought it up to be thorough in case the upgrade was related to package corruption somehow. In this case I even copied a client cert in from outside that was lost because the backup wasn't new enough. None of the clients show up in the export client list.

              I've even made new client certs and they don't show up either in client export. I've uninstalled the package, reinstalled the package. I don't know what's going on. I can't be sure but I think everything disappeared in client export before the upgrade that trashed my configuration (2.3.1), I think it was from 2.2 to 2.3 where it was lost.

              Anyway, I've been watching to see if anyone else has the issue and no one's posted anything so it's not a general bug at least. But the question is what do I need to check. I've blown away and recreated certs, the VPN service, uninstalled the export package and reinstalled. I'm stumped. Though I'm not a BSD user I've been using Linux for years so I'm not scared to get in on the command line but obviously my command and config experience is with Linux.

              I need a pointer on what to check, it's very odd that it lists nothing.

              • C
                cmb last edited by

                The OpenVPN server is listed there? That eliminates one of the possibilities, a server config type that can't be used.

                From there, if you have user auth enabled on the OpenVPN server, then you must have users with certs associated with them (or set to external auth). Usually it's that your OpenVPN server is using a diff CA than your user certs.

                • R
                  rahvin last edited by

                  Server's listed, clients listed, the clients have certs based on the same CA as the server. Hell I've made new client certs to test it. The only thing I haven't done is build an entirely new CA, client certs and OpenVPN server all in one. I've done all of them except build a new CA just not all together in one shot.

                  It's damn confusing. It feels like the client export configuration can't see the client certs but they are listed in the client list and the server can see them because I can connect for clients that existed in the backup. But I can't export a config using the client export package because nothing is in the client export list. And exporting manually is a serious pain.

                  If no one can think of a reason I'll trash the whole CA and clients and start from scratch, I was hoping for a simple error but the logs are devoid of anything. I'm not even confident rebuilding the entire OpenVPN config and certs will help.

                  • C
                    cmb last edited by

                    Which OpenVPN "server mode" is chosen?

                    • R
                      rahvin last edited by

                      Bingo. That's what I needed. I had configured it from a tablet in trying to troubleshoot and must have set it to SSL/TLS + UserAuth, switching it back brought back the client export list.

                      Thanks,
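
The visibility rules discussed in this thread, as an added example (not part of the original posts and not the export package's own code): it reads a config backup and reports which client certificates would be listed for the first OpenVPN server, and why the others are left out. The element names and mode values are the pfSense `config.xml` layout as assumed here; the sample config, the function name `export_candidates` and the rule that the server's own certificate is not offered are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like a pfSense config.xml backup (assumed layout).
SAMPLE = """<pfsense>
  <system>
    <user><name>alice</name><cert>cert-alice</cert></user>
    <user><name>bob</name></user>
  </system>
  <cert><refid>cert-srv</refid><descr>vpn-server</descr><caref>ca-vpn</caref></cert>
  <cert><refid>cert-alice</refid><descr>alice-laptop</descr><caref>ca-vpn</caref></cert>
  <cert><refid>cert-tablet</refid><descr>tablet</descr><caref>ca-vpn</caref></cert>
  <cert><refid>cert-old</refid><descr>old-phone</descr><caref>ca-old</caref></cert>
  <openvpn><openvpn-server>
    <mode>server_tls_user</mode><caref>ca-vpn</caref><certref>cert-srv</certref>
  </openvpn-server></openvpn>
</pfsense>"""


def export_candidates(config_xml, mode_override=None):
    """Return (listed, skipped): cert descriptions shown, and {descr: reason} for the rest."""
    root = ET.fromstring(config_xml)
    server = root.find("./openvpn/openvpn-server")
    mode = mode_override or server.findtext("mode")
    if mode not in ("server_tls", "server_tls_user"):
        # Modes without per-client certificates are outside this sketch.
        return [], {"*": f"mode {mode} not modelled"}
    # refid -> user name, for certificates attached to a local user
    owners = {ref.text: user.findtext("name")
              for user in root.findall("./system/user")
              for ref in user.findall("cert")}
    listed, skipped = [], {}
    for cert in root.findall("./cert"):
        refid, descr = cert.findtext("refid"), cert.findtext("descr")
        if refid == server.findtext("certref"):
            skipped[descr] = "server's own certificate (assumed not offered)"
        elif cert.findtext("caref") != server.findtext("caref"):
            skipped[descr] = "issued by a different CA than the server uses"
        elif mode == "server_tls_user" and refid not in owners:
            skipped[descr] = "user auth enabled but no user owns this cert"
        else:
            listed.append(descr)
    return listed, skipped


if __name__ == "__main__":
    for m in ("server_tls_user", "server_tls"):
        print(m, export_candidates(SAMPLE, m))
```

With no certificates attached to any user, the `server_tls_user` result is an empty list even though every certificate is valid and signed by the right CA, which matches the symptom described above.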
