Client Export Utility & Multiple OpenVPN Servers



  • Found a few posts regarding this but I'm still stuck.

    Set up an instance of OpenVPN server using SSL/TLS only after reading the book and watching a couple of the Hangouts on VPN.  All worked fine with users in local database, CA for the VPN and user certs for everyone.  I was able to use the export client and use the ovpn file to configure the clients.

    Set up a second instance of OpenVPN server on the same pfSense box, different peer CA, user certs, server port, tunnel LAN and accessing different physical LANs behind the pfSense.  When I tried to get client files from the export utility there is no way to select the second server instance.  I tried restarting the service, disabling one VPN server, reinstalling the client export package, rebooting pfSense and multiple combinations / variations of those steps that seemed logical.  I have checked and rechecked settings and certificates and these should be two completely different instances of VPN server.  I'm stuck and have wasted more man hours than I care to admit.  I could have learned how to build the .ovpn files from scratch by now but I turned into a dog with a bone instead.

    Any help would be appreciated.



  • The first selection on the export page should be a dropdown for 'remote access server' where you can select the instance. The only difference I can think of is that I've never used separate CAs.



  • The drop down box for 'remote access server' has exactly one entry and one entry only.  That was the first created instance of OpenVPN server.

    The first instance of VPN is for road warriors.  The second was an attempt at SSL/TLS site to site with the client a non-pfSense router running OpenVPN client on OpenWRT... but I never got that far.  After reading through the pfSense book, I was under the impression that the single CA might be part of the issue so I split it off into its own CA.  I'm at the 'export and set up client' phase.


  • Rebel Alliance Developer Netgate

    The export package only works with remote access VPNs. You can't export a configuration for site-to-site.



  • Is there a resource for an ovpn template for the client side that matches / is compatible with the ovpn configuration file that is created by pfSense when using a site to site setup?  I will admit to having occasionally failed reading comprehension 101 but there doesn't seem to be full documentation in the book about how to set up site to site.  I don't think I'm understanding exactly what parameters are being used by the server and exactly what is the correct format of the client side configuration file.



  • Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

    Any ideas?


  • Rebel Alliance Developer Netgate

    @iesjg.tic:

    Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

    Any ideas?

    Check the mode, as mentioned a few posts above. If it does not show in the list, it must not be set to a remote access mode.



  • @jimp:

    @iesjg.tic:

    Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

    Any ideas?

    Check the mode, as mentioned a few posts above. If it does not show in the list, it must not be set to a remote access mode.

    You're right! Just set "Remote Access (SSL/TLS)" server mode and it showed up!

    Thanks!!
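
The check the thread converges on (a server whose mode is not a remote access mode does not appear in the export dropdown) can be run against a configuration backup. This is an added example, not part of the original posts or pfSense code; the `config.xml` element names and the mode strings are assumptions about the backup layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: internal mode values for the "Remote Access" server modes.
REMOTE_ACCESS_MODES = {"server_tls", "server_user", "server_tls_user"}

# Constructed sample mirroring the thread: one road-warrior server and one
# site-to-site (peer to peer) server on the same box.
SAMPLE_CONFIG = """<pfsense>
  <openvpn>
    <openvpn-server>
      <vpnid>1</vpnid>
      <mode>server_tls</mode>
      <local_port>1194</local_port>
      <description>Road warriors</description>
    </openvpn-server>
    <openvpn-server>
      <vpnid>2</vpnid>
      <mode>p2p_tls</mode>
      <local_port>1195</local_port>
      <description>Site to site</description>
    </openvpn-server>
  </openvpn>
</pfsense>"""


def classify_servers(config_xml):
    """Return (vpnid, description, mode, exportable) for each OpenVPN server."""
    root = ET.fromstring(config_xml)
    rows = []
    for srv in root.iterfind("./openvpn/openvpn-server"):
        mode = (srv.findtext("mode") or "").strip()
        rows.append((
            (srv.findtext("vpnid") or "?").strip(),
            (srv.findtext("description") or "").strip(),
            mode,
            mode in REMOTE_ACCESS_MODES,
        ))
    return rows


def hidden_from_export(config_xml):
    """Servers that would be missing from the client export dropdown."""
    return [row for row in classify_servers(config_xml) if not row[3]]


if __name__ == "__main__":
    for vpnid, desc, mode, ok in classify_servers(SAMPLE_CONFIG):
        status = "listed" if ok else "NOT listed (not a remote access mode)"
        print(f"server {vpnid} [{desc}] mode={mode}: {status}")
```

A real backup contains private keys and password hashes, so run a check like this on a local copy and do not paste the file into a forum post.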

