Multiple clients to pfSense 2.0 OpenVPN
-
Hi,
I've set up OpenVPN with two PCs (Windows Vista), apparently successfully. My problem is that I don't quite understand how I should be managing the certificates.
Both of those clients are using different certificates, both created on the pfSense box with a common CA (internal). I see both of them connected on the OpenVPN status.
Let's say I fire one employee, and I now need to keep him out of my network. Where do I do that? I've tried removing the certificate I created for him on the System - Cert Manager - Certificates tab, but the OpenVPN client still connects to pfSense. I tried restarting pfSense, no go either.
The OpenVPN settings allow me to choose only one server certificate, how could both connect to start with?
What exactly am I not getting here? I simply need to easily be able to add new OpenVPN clients and remove them, but it seems an all-or-nothing proposition right now.
-
For other people's sake, I succeeded in explicitly blocking a client by adding him to the Client override tab of OpenVPN and checking "block this user".
Is that the only way? It feels like the bad way, because this means if I remove a user he still can connect until I realize there is some unknown OpenVPN client still connecting and I explicitly block it.
Shouldn't removing the user from the pfSense UI disable his common name's certificate from connecting? Or am I just a clueless OpenVPN newbie?
I was sort of hoping that any undefined cert in pfSense would be rejected.
Mike
-
Certificate revocation isn't in place yet. If you're using user auth, disabling the account will disable their ability to log in. If you're strictly using keys, you can't revoke that other than manually (though that will be fixed before too long).
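The behaviour described in this thread (deleting the issued certificate from the server does nothing, because the server only checks that the client's cert carries the CA's signature) can be shown with plain OpenSSL. This is an added demonstration, not pfSense or OpenVPN code: it builds a throw-away CA, "deletes" the client cert, and then revokes it through a CRL, which is the mechanism OpenVPN consumes via its crl-verify option. The CA name, client name and serial are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo (not pfSense code): a deleted client cert still validates
# because the server trusts the CA's signature, not a list of issued certs;
# a CRL (what OpenVPN reads via crl-verify) is what actually revokes it.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"
# Minimal OpenSSL config shared by req (issuance) and ca (CRL handling)
cat > ca.cnf <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
crlnumber = crlnumber
default_md = sha256
default_crl_days = 30
certificate = ca.crt
private_key = ca.key
EOF
: > index.txt
echo 01 > crlnumber
# Throw-away internal CA and one client certificate (serial 1)
openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj "/CN=Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=former-employee" \
  -keyout client.key -out client.csr 2>/dev/null
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -set_serial 1 \
  -days 30 -out client.crt 2>/dev/null
# Returns 0 when the cert chains to the CA; no revocation data is consulted
verify_no_crl() { openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; }
# Returns 0 only if the cert also passes the CRL check (crl-verify behaviour)
verify_with_crl() { openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem "$1" >/dev/null 2>&1; }
# "Delete" the cert from the server: the copy the user still holds keeps validating.
cp client.crt client-held-by-user.crt; rm client.crt
# Revoke it properly: put serial 1 on a CRL that the server must then load.
openssl ca -config ca.cnf -revoke client-held-by-user.crt >/dev/null 2>&1
openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
```

After the script runs, verify_no_crl still accepts the user's copy while verify_with_crl rejects it; only the CRL check changes the outcome.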