Client export - no configurations available

Modesty

Hi

After settingup VPN on pfsens i click export wizard.

I expected to find something like this:

But i see this:

The text under staes that:
If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, the client certificate does not exist on this firewall, or a user certificate is not associated with a user when local database authentication is enabled.

This "help text" I dont understand what to do...

I have used the wizard to create the vpn, i did create my own sertificate in the prosess.

Any help from you I appreciate

M

Gertjan

@modesty said in Client export - no configurations available:

This "help text" I dont understand what to do...

It says :

If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, the client certificate does not exist on this firewall, or a user certificate is not associated with a user when local database authentication is enabled.

which means ... what it says.

When a 'client' uses a VPN connection, it should 'authenticate' against the pfSense OpenVPN server, at the connection needs to be secured.
And you have a choice :
A user name and password.
A certificate st, assigned for that user.
Or a combination of both.

You've set up a OpenVPN server, you can see the "access mode" :

You have made a choice here :

If could create a user + password here :

and - important, assigned it to the OpenVPN user group, the OpenVPN client export utility can't find a user to include in the export files.

Or create a 'CA' certificate here :

I called it "CA-openvpn". As you can see,, it's in use by my OpenVPN server right now.
This CA cert is only created ones.
After that, for each user (do not share certificates among users !!) you create Certificates :

This one is for me, for my iPhone. I also created one for my pad, one or two for the PC's I use to remotely access this pfSense OpenVPN server.
Again, this certificate is in use right now by the OpenVPN pfsense server.
Note that this CA certificate is assigned to the OpenVP server :

Because I chose :

which means 'only certificates' (and no user or password), I now have this listed on the OpenVPN client export list :

Now, read again :

If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate, the client certificate does not exist on this firewall, or a user certificate is not associated with a user when local database authentication is enabled.

and I'll bet that all is clear now.

and

If you have Youtube installed, go here Youtube > Netgate > Configuring OpenVPN Remote Access in pfSense Software - it's a bare minimum 'need to know' video, but it explains the steps.
Several other, far more detailed OpenVPN videos are also a viable. They are old, but do still apply.
A couple of thousand other pfSense OpenVPN video's also exist.

An there is the manual, in the top right corner, right in front of you, one click away.