OpenVPN client config
-
I'm new to pfSense and OpenVPN.
I'm able to get everything to work via the wizard, but have a problem with the client setup and client export.
My problem:
Version: pfsense 2.7.2-release(AMD64)
openvpn-client-export 1.9.2
In short, the wizard didn't create any client configs, yet the client export wizard shows clients and provides ovpn files to download.
If I manually create clients, I can't create RAS clients, only peer-to-peer. No drop down, there are no open files to download in the client export.
I can't reconcile this behavior and can't create specific client config (with the ability to have the client exporter create config files).
Now that I have "A" config file, I could certainly manually update it to my needs.
I don't believe this is expected behavior, or I'm doing something wrong.
I appreciate any feedback
-
@EricAiken
I assume, you have set up an OpenVPN access server with TLS (+ user auth) for your road warriors.
So you or the wizard might have created a certificate authority and issued a server certificate from it.
Then you have to create users and in the user configuration create a TLS certificate for each from the same CA the server is using.
Did you do this already?
If you're running multiple servers, you can select the respective server in the client export utility at the top.
If you select the proper server, you don't see any users?
-
As said above :
You have to create the RAS VPN users.
Remember to check : and use the OpenVPN CA here and give it a descriptive name.
These users will get listed here :
-
That's what I did (at least I think).
Created a CA
Created a server cert
Created a RAS user. (using that CA)
Created an OpenVPN server, using the CA and the server cert
Docs get light here. Because I didn't see the above client downloads, I read I needed to create an OpenVPN client first.
Tried creating a client, but only get peer-to-peer options.
However, when I create the server via the wizard things work and I get the client downloads, but no client configs.
I wanted to add/change some features to the config files that are offered in the client config page. Like I said I'm confident I can manually add them to the config file(s), but being new it would fast-track syntax. Things like changing the server name/ip from an ip to a dns name, port number, route options,
I clearly don't have a good understanding of how these pieces fit together. I have something working (via the wizard and files I can modify), would just like to understand why I can't recreate what the wizard is accomplishing manually.
-
@EricAiken
Not really clear what you want to achieve.

Created a CA
Created a server cert
Created a RAS user. (using that CA)
Created a openvpn server. using the CA and the server cert

After you did this properly, the clients who have an assigned certificate issued by this CA should appear in the client export. If they don't, recheck the certs and server settings.

Tried creating a client, but only get peer-to-peer options.

OpenVPN Clients on pfSense are ever meant for peer-to-peer connections and have nothing to do with the client export. The latter is only for users who are entitled for a remote access server.