OpenVPN roadwarrior setup

  • Hi,

    I can't find how to create a road warrior setup on 2.0 and OpenVPN.  I should be using PKI, but it's not in the UI (it's peer-to-peer now, right?)

    I succeeded with Remote Access (SSL/TLS), but removing client certificates doesn't disable the clients (they're VPN users for life I guess).

    Where should I be looking? Where do I configure the removal of active client certificates?

  • Rebel Alliance Developer Netgate

    It's Remote Access (SSL/TLS).

    CRL support isn't in the GUI yet, so you can't yet remove a VPN user, but if you did enable TLS you can change their password or remove their account and cut off VPN access.

    There's an open ticket to add CRL support, it's just a little tricky in way the GUI is setup now.

  • Thanks.  I enabled Auth (that's what you meant right?) but I don't know how to prompt the user to log in.  The OpenVPN client (for Windows) simply fails to connect to my VPN. Without Auth it works fine.

  • Rebel Alliance Developer Netgate

    You'd really want SSL/TLS+User Auth

    It should prompt automatically if you have the proper client config. If you install the OpenVPN Client Export package it can generate a client config file for you.

Log in to reply