OpenVPN site-to-site, how to query for common name of connected sites?



  • All,

    I am successfully connecting my Unifi USG gateway as an OpenVPN site-to-site client with my central pfSense router. Everything works as planned.

    As I connect more external systems to my pfSense OpenVPN instance, I will need to use client-specific overrides. To do so I need the Common Name from the USG cert.

    Is there a way from pfSense to get the common name from the connected clients? Since I am already connecting successfully, this would be the easiest way to ensure I get the right text to use for my OpenVPN overrides.



  • Status/OpenVPN shows Common Name of connected clients.



  • Thanks for the quick reply.

    I don't see where the common name would be. The columns that I see that could be the name are "Name" (which is the name of the SERVER, not the client), and there's a "Remote Host" which is the apparent IP (public IP address, not the real IP) of the connected client.



  • This could be a case of bad understanding on my part.

    It appears that the interface for adding client-specific overrides only applies to Remote Access (non-site-to-site) settings. That also seems to make sense as shared key does NOT have a cert generation for the client site that I'm aware of, so no common name to set.

    If anyone can set me straight here, thanks. Otherwise I think I'll just set up multiple OpenVPN servers.


  • Rebel Alliance Developer Netgate

    If you use Peer to Peer (SSL/TLS) it uses overrides.

    If you use Peer to Peer (Shared Key), you need one server per client.



  • Thanks for the succinct answer!


Log in to reply