Request for Help with Mobile User Issue

  • Hi,
    My company wants to upgrade pfSense 1.0.8 (customized version) from our VPN appliance supplier with open source pfSense 1.2.2. In our current 1.0.8 version, under VPN->SSL VPN->User tab, we create our mobile users' login id and password there.

    When our remote user clicks OpenVPN "connect", they get a login box to enter their login id and password and they will get connected to our company LAN.

    In the current 1.2.2 version, under VPN->OpenVPN tab, there are only Server, Client and Client-Specific Configuration tabs. I could not locate a similar "User" tab to edit my remote users' login and password.

    I started to know pfSense 10 days ago when our head office VPN box crashed. We have no install CD for version 1.0.8. Now I am preparing pfSense 1.2.2 on a P4 PC to make it our backup VPN box. I have tested version 1.2.2 workable with 1.0.8. I have rebuilt over one hundred OpenVPN site-to-site tunnels to our stores on my pfSense PC. Now I am getting stuck with our mobile users. I wonder where I can edit my mobile users on pfSense 1.2.2.

    I guess the previous feature in 1.0.8 may have been replaced or enhanced with something better. Could anyone help to answer my question or point me to a fix?

    This is my first post. If I am not doing right, please pardon my mistake.

    Thanks & Regards,

  • Would have made more sense to ask in the OpenVPN forum, however…

    With OpenVPN you usually create certificates for the remote users and perform authentication that way.  Do you need to stay with usernames and passwords?

  • Hi Cry Havok,
    Noted your suggestion with OpenVPN. I will do this approach as a last resort. We try not to inconvenience our 37 mobile users (senior-level people).

    The reason I am currently not in favor of this approach is that our mobile users' ca.crt, client.crt and client.key are all using the same identical copies. Someone took the easy way out and started it this way for all our mobile users (currently 37). I perceive this is a high-risk approach if all the mobile users use the same master certificate, client certificate and client key.

    Our previous approach is putting the master ca.crt on mobile user laptops, then they enter their own login id and password to connect to the head office LAN. We can centrally manage mobile user passwords at the head office VPN box. There is a password to control individual network access.

    If we started with a unique client certificate and key for every mobile user, then we should be doing standard OpenVPN stuff. I thought we may have missed something (package) and the "User" tab did not appear at OpenVPN.

  • Currently there is no 'user mgmt' GUI for OpenVPN in pfSense.  There have been many requests, and it might be forthcoming in the 2.0 release.  Search around the VPN forum here and you should find something.
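
Added example, not part of the thread and not pfSense or OpenVPN project code: a sketch of the per-user password check the original poster describes (CA certificate on the laptop, passwords managed centrally), written as a script for OpenVPN's `auth-user-pass-verify <script> via-file` server directive. The user-file path, its `username:salt:digest` record format and the PBKDF2 parameters are assumptions of this example.

```python
#!/usr/bin/env python3
import hashlib
import hmac
import sys

USER_DB = "/usr/local/etc/openvpn-users.txt"  # hypothetical path
ITERATIONS = 200_000  # PBKDF2 work factor chosen for this sketch

def hash_password(password, salt):
    """Hex PBKDF2-HMAC-SHA256 digest that is stored instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def make_record(username, password, salt):
    """Build one 'username:salt_hex:digest' line for the user file."""
    return f"{username}:{salt.hex()}:{hash_password(password, salt)}"

def load_users(lines):
    """Parse user-file lines into {username: (salt, digest)}."""
    users = {}
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            name, salt_hex, digest = line.split(":")
            users[name] = (bytes.fromhex(salt_hex), digest)
    return users

def verify(users, username, password):
    """True only for a known user with the matching password."""
    salt, expected = users.get(username, (b"\x00" * 16, ""))
    # Hash for unknown names too, so timing does not reveal valid logins.
    candidate = hash_password(password, salt)
    return username in users and hmac.compare_digest(candidate, expected)

def check_via_file(text, users):
    """OpenVPN via-file content: username on line 1, password on line 2."""
    fields = text.splitlines()
    return len(fields) >= 2 and verify(users, fields[0], fields[1])

if __name__ == "__main__":
    with open(USER_DB, encoding="utf-8") as db:
        known = load_users(db)
    with open(sys.argv[1], encoding="utf-8") as creds:
        ok = check_via_file(creds.read(), known)
    sys.exit(0 if ok else 1)  # OpenVPN accepts the login only on exit code 0
```

Because each user has a separate record, one person's access can be revoked or reset by editing a single line, which the shared client.crt/client.key setup described in the thread cannot do.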