Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Request for Help with Mobile User Issue

    OpenVPN
    3
    4
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      visitstupa
      last edited by

      Hi,
      My company wants to upgrade pfSense 1.0.8 (customized version) from our VPN appliance supplier with open source pfSense 1.2.2. In our current 1.0.8 version, under VPN->SSL VPN->User tab, we create our mobile users' login id and password there.

      When our remote user clicks Openvpn "connect", they get a login box to enter their login id and password and they will get connected to our company LAN.

      In the current 1.2.2 version, under VPN->OpenVPN tab, there are only Server, Client and Client-Specific Configuration tabs. I could not locate a similar "User" tab to edit my remote users' login and password.

      I started to know pfSense 10 days ago when our head office VPN box crashed. We have no install CD for version 1.0.8. Now I am preparing pfSense 1.2.2 on a P4 PC to make it our backup VPN box. I have tested version 1.2.2 workable with 1.0.8. I have rebuilt one hundred over OpenVPN site to site tunnels to our stores on my pfSense PC. Now I am getting stuck with our mobile users. I wonder where I can edit my mobile users on pfSense 1.2.2.

      I guess the previous feature in 1.0.8 may have been replaced or enhanced with something better. Could anyone help to answer my question or point me to a fix?

      This is my first post. If I am not doing right, please pardon my mistake.

      Thanks & Regards,
      vpn1.JPG
      vpn1.JPG_thumb
      vpn2.JPG
      vpn2.JPG_thumb
      vpn3.JPG
      vpn3.JPG_thumb

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Would have made more sense to ask in the OpenVPN forum, however…

        With OpenVPN you usually create certificates for the remote users and perform authentication that way.  Do you need to stay with usernames and passwords?

        1 Reply Last reply Reply Quote 0
        • V
          visitstupa
          last edited by

          Hi Cry Havok,
          Noted your suggestion with openvpn. I will do this approach as a last resort. We try not to inconvenient our 37 mobile users(senior level people).

          The reason I currently not in favor of this approach is because our mobile users' ca.crt, client.crt and client.key are all using the same identical copies. Someone took the easy way out and started it this way for all our mobile users (currently 37). I perceive this is a high risk approach if all the mobile users use the same master certificate, client certificate and client key.

          Our previous approach is putting master ca.crt at mobile user laptops, then they enter their own login id and password to connect head office LAN. We can centrally managed mobile user password at head office vpn box. There is a password to control individual network access.

          If we started with unique client certificate and key for every mobile user, then we should be doing standard openvpn stuff. I thought we may have missed something (package) and the "User" tab did not appear at OpenVPN.

          1 Reply Last reply Reply Quote 0
          • M
            mhab12
            last edited by

            Currently there is no 'user mgmt' GUI for OpenVPN in pfSesne.  There have been many requests, and it might be forthcoming in the 2.0 release.  Search around the VPN forum here and you should find something.

            http://forum.pfsense.org/index.php/board,39.0.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.