Remote User - Import public key

  • Hey guys,

    I am attempting to add a remote user as an authorized OpenVPN account. Since this user is remote, I don't want to generate a keypair on the firewall, so I had the user generate an RSA public key for me. However, I have been unable to figure out how to import this public keyfile into OpenVPN via pfSense. The only import option I seem to be able to find requires the private key as well, which I am unable to obtain as my user is remote. Is there documentation somewhere on how I can add a new user using a remotely generated public key? Thanks!


  • Rebel Alliance Developer Netgate

    Are you talking about a user for an SSL/TLS Remote Access or a site-to-site PSK OpenVPN tunnel?

    If it's for a remote access SSL/TLS setup then their certificate must be signed by your CA; what you're having them do is not compatible with how OpenVPN needs to work. They can't make their own self-signed certificate that will work with the VPN.

    Unfortunately, until pfSense 2.4 you can't have them make a CSR that can be signed by the pfSense VPN CA in the GUI, though you could maybe copy the CA cert+key somewhere and manually do it with openssl at the command line and then send them back the signed certificate. If they do a CSR and send you the CSR, you never see their key. That's an area we're working to improve in 2.4.

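The CSR workflow the reply describes, sketched with openssl as an added example (not part of the original thread and not pfSense's own tooling). A throwaway CA stands in for the copied VPN CA cert+key; all file names, subject names and the client-certificate extensions are assumptions.

```shell
# Constructed demo: ca.crt/ca.key play the role of the VPN CA cert+key.

make_demo_ca() {            # $1 = CA dir (stand-in for the real VPN CA)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-vpn-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Remote user's side: the private key is created here and never leaves this dir.
user_make_csr() {           # $1 = user dir, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
}

# Admin's side: receives only the CSR. Check its self-signature (proof the
# requester holds the matching key), then sign it as a client certificate.
admin_sign_csr() {          # $1 = CA dir, $2 = CSR path, $3 = output cert path
  openssl req -in "$2" -noout -verify 2>/dev/null || return 1
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' \
    > "$1/client.ext"       # assumed extension set for a TLS client cert
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$1/client.ext" -out "$3" 2>/dev/null
}

# User's side on receipt: the cert chains to the CA and matches the local key.
user_check_cert() {         # $1 = CA cert, $2 = signed cert, $3 = user key
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$3" -pubout | openssl sha256)" ]
}

run_demo() {
  work=$(mktemp -d) || return 1
  mkdir "$work/ca" "$work/user"
  make_demo_ca "$work/ca" &&
    user_make_csr "$work/user" "remote-user" &&
    admin_sign_csr "$work/ca" "$work/user/user.csr" "$work/user/user.crt" &&
    user_check_cert "$work/ca/ca.crt" "$work/user/user.crt" "$work/user/user.key"
  rc=$?
  rm -rf "$work"
  return $rc
}

run_demo && echo "certificate chains to the CA and matches the user's key"
```

Only `user.csr` travels to the admin and only `user.crt` travels back; `user.key` stays on the remote user's machine throughout.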