Client export list is empty on v 2.3.2

  • hi all,

    my openvpn used to work on v 2.2.6 but now since i have updated it to v 2.3.2 i cant see my list of clients to export, its empty ie ios android windows

    i have redone everything again ie deleted the openvpn client export package re-downloded it

    deleted the openvpn server again and re-done the wizard again

    any help please,

    many thanks,


  • LAYER 8 Global Moderator

    did you create user certs?  There will be nothing in the client export unless there are certs

    I am on 2.3.2_p1 and its been upgraded every time from like 2.0 and have never had any issues with openvpn.  Never had to redo anything

  • I just updated the client export package and my users disappeared as well. They were there before the update and the users are still in the users page.

  • LAYER 8 Global Moderator

    So I see there is an update.. so I just updated

    >>> Upgrading pfSense-pkg-openvpn-client-export... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    The following 1 package(s) will be affected (of 0 checked):
    Installed packages to be UPGRADED:
    	pfSense-pkg-openvpn-client-export: 1.3.11 -> 1.3.12 [pfSense]
    Number of packages to be upgraded: 1
    18 KiB to be downloaded.
    Fetching pfSense-pkg-openvpn-client-export-1.3.12.txz: .. done
    Checking integrity... done (0 conflicting)
    [1/1] Upgrading pfSense-pkg-openvpn-client-export from 1.3.11 to 1.3.12...
    [1/1] Extracting pfSense-pkg-openvpn-client-export-1.3.12: .......... done
    Removing openvpn-client-export components...
    Loading package instructions...
    Saving updated package information...
    Loading package configuration... done.
    Configuring package components...
    Loading package instructions...
    Custom commands...
    Writing configuration... done.
    >>> Cleaning up cache... done.

    And yup looks like all the users are gone… Hmmmm  Let me look to see what could cause that... But looks like might be a bad update??

    Yeah there seems to be something wrong here... I created a new cert and it doesn't show up..

    So this didn't have anything to do with 2.3.2 or going from 2.x etc..  This has to do with this update of the client export package.

  • In the client export tab did you click the button save as default? When I did this, all of my clients reappeared.

  • what a dumb arse, i had the user but deleted the user cert, after that when i went back to client exports, the list was there

  • LAYER 8 Netgate

    You're not being dumb.

    We have all wanted saving those preferences in the exporter. Looks like it's finally happening.

    Might be a better way to handle that though.

  • LAYER 8 Global Moderator

    Yeah I like the addition of the default.

  • pfSense-pkg-openvpn-client-export: 1.3.12 -> 1.3.13 [pfSense]

    Just updated, I can export configs again, thanks.

    But pffft, I thought it was me so I created the whole ca-crt chain again, there are a few, than I saw the update  ::)

  • This worked the first time I did it however I decided to go back and make some changes and start all over.

    Now, the User Cert does not appear in the list at the bottom.  >:(

    I'm have 1.3.13 installed and a User Certificate.  I have saved the default.
    It no longer shows up….

    Maybe I need to delete all the certs, including the CA? 
    I must be doing something stupid, it should not be this difficult.

  • LAYER 8 Netgate

    Depends on what changes you made.

    It still will not show you users with certificates issued by a CA other than the one set in the server since that wouldn't work anyway.

  • I used the Wizard to make the Server and just not going back and looking it make 'remote access' instead of peer/peer. 
    Must have made mistake in that selection.

    I'll delete it all and try again tomorrow.

  • LAYER 8 Netgate

    Client export is for remote access, not peer-to-peer.

  • OK, my bad.
    What I am trying to do is set up openVPN for access from iPhone (ios)

    I had it working but with a bunch of questionable errors in the log.
    I had created my .conf by hand.  I recently read here that the wizard needed to be used to make sure all was properly done.
    So started over and blew it by choosing peer/peer.  Lesson - don't do this stuff late at night.  :P

    My mistake was:

    1. setting up server for peer/peer tls instead of remote tls.
    2. creating a client, not necessary cause export creates it.  Changing server to 'remote tls' and going directly to client export gives me the missing part of the puzzle.

    Thanks for pointing me in the right direction.

Log in to reply