Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client Export Utility & Multiple OpenVPN Servers

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 4 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rdm_577
      last edited by

      Found a few post regarding this but I'm still stuck.

      Set up an instance of OpenVPN server using SSL/TLS only after reading book and watching a couple of the Hangouts on VPN.  All worked fine with users in local database, CA for the VPN and user certs for everyone.  I was able to use the export client and use the opvn file to configure the clients.

      Set up a second instance of OpenVPN server on the same pfSense box, different peer CA, user certs, server port, tunnel lan and accessing different physical lans behind the pfsense.  When I tired to get client files from the export utility there is no way to select the second server instance.  I tried restarting the service, disabling one vpn server, reinstalling the client export package, rebooting pfsense and multiple combinations / variations of those steps that seemed logical.  I have checked and rechecked settings and certificates and these should be two completely different instances of vpn server.  I'm stuck and have wasted more man hours than I care to admit.  I could have learned how to build the .opvn files from scratch by now but I turned into a dog with a bone instead.

      Any help would be appreciated.

      1 Reply Last reply Reply Quote 0
      • dotdashD
        dotdash
        last edited by

        The first selection on the export page should be a dropdown for 'remote access server' where you can select the instance. The only difference I can think of is that I've never used separate CA's.

        1 Reply Last reply Reply Quote 0
        • R
          rdm_577
          last edited by

          The drop down box for 'remote access server' has exactly one entry and one entry only.  That was the first created instance of OpenVPN server.

          The first instance of VPN is for road warriors.  The second was an attempt at SSL/TLS site to site with the client a non-pfsense router running openVPN client on OpenWRT…....but I never got that far.  After reading through the pfSense book, I was under the impression that the single CA might be part of the issue so I split it off into its own CA.  I'm at the 'export and set up client' phase.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            The export package only works with remote access VPNs. You can't export a configuration for site-to-site.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • R
              rdm_577
              last edited by

              Is there a resource for a opvn template for the client side that matches / is compatible with the opvn configuration file that is created by pfSense when using a site to site setup?  I will admit to have occasionally failed reading comprehension 101 but there doesn't seem to be full documentation in the book about how to set up site to site.  I don't think I'm understanding exactly what parameters are being used by the server and exactly what is the correct format of the client side configuration file.

              1 Reply Last reply Reply Quote 0
              • I
                iesjg.tic
                last edited by

                Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

                Any ideas?

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  @iesjg.tic:

                  Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

                  Any ideas?

                  Check the mode, as mentioned a few posts above. If it does not show in the list, it must not be set to a remote access mode.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • I
                    iesjg.tic
                    last edited by

                    @jimp:

                    @iesjg.tic:

                    Same problem here. Set up two instances with the same certs (for client access, not site-to-site) and only the first one appears in the dropdown. Reinstalled the client export package, same thing, only the first one shows

                    Any ideas?

                    Check the mode, as mentioned a few posts above. If it does not show in the list, it must not be set to a remote access mode.

                    You're right! Just set "Remote Access (SSL/TLS)" server mode and showed up!

                    Thanks!!

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.