OpenVPN site-to-site, how to query for common name of connected sites?
-
All,
I am successfully connecting my UniFi USG gateway as an OpenVPN site-to-site client with my central pfSense router. Everything works as planned.
As I connect more external systems to my pfSense OpenVPN instance, I will need to use client-specific overrides. To do so I need the Common Name from the USG cert.
Is there a way from pfSense to get the common name from the connected clients? Since I am already connecting successfully, this would be the easiest way to ensure I get the right text to use for my OpenVPN overrides.
-
Status/OpenVPN shows Common Name of connected clients.
-
Thanks for the quick reply.
I don't see where the common name would be. The columns that I see that could be the name are "Name" (which is the name of the SERVER, not the client), and there's a "Remote Host" which is the apparent IP (public IP address, not the real IP) of the connected client.
-
This could be a case of bad understanding on my part.
It appears that the interface for adding client-specific overrides only applies to Remote Access (non-site-to-site) settings. That also seems to make sense as shared key does NOT have a cert generation for the client site that I'm aware of, so no common name to set.
If anyone can set me straight here, thanks. Otherwise I think I'll just set up multiple OpenVPN servers.
-
If you use Peer to Peer (SSL/TLS) it uses overrides.
If you use Peer to Peer (Shared Key), you need one server per client.
-
Thanks for the succinct answer!
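-
Added example, not part of the thread and not pfSense's own code: a shell function that pulls the Common Names of connected peers out of the file an OpenVPN server writes through its `status` directive, in either status-version 1 or 2 layout. The sample file, its names and addresses are constructed; where a given pfSense install keeps that file is not covered here, so the path is passed as an argument.

```shell
# List "CN<TAB>real address" for every peer in an OpenVPN status file.
list_common_names() {
    # $1: path to the file written by the server's "status" directive
    awk -F, '
        # status-version 2: each connected peer is one CLIENT_LIST row
        $1 == "CLIENT_LIST" { print $2 "\t" $3; next }
        # status-version 1: peer rows sit between this header and ROUTING TABLE
        $1 == "Common Name" && $2 == "Real Address" { in_v1 = 1; next }
        $1 == "ROUTING TABLE" { in_v1 = 0 }
        in_v1 && NF >= 2 { print $1 "\t" $2 }
    ' "$1"
}

# Names usable for a client-specific override: unique CNs, skipping
# "UNDEF", which OpenVPN reports for a peer that has not finished
# TLS authentication yet and so has no certificate name to match on.
override_names() {
    list_common_names "$1" |
        awk -F'\t' '$1 != "UNDEF" && !seen[$1]++ { print $1 }'
}

# Constructed sample in status-version 1 layout (not real output).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
OpenVPN CLIENT LIST
Updated,2024-01-01 12:00:00
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
site-a-usg,198.51.100.10:41234,10240,20480,2024-01-01 11:00:00
UNDEF,203.0.113.7:51000,0,0,2024-01-01 11:59:58
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.2,site-a-usg,198.51.100.10:41234,2024-01-01 11:59:00
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF

override_names "$sample"
```

The override is matched on the certificate's Common Name exactly, so copy the name as printed rather than retyping it.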