OpenVPN client export not working
-
Running RC1 dated April 26th.
I didn't have success with these steps and have tried with a New CA as well but am still having the same results.
1. Create a OVPN server instance and certificate from the new CA
2. Create a user certificate for my account using the same CA
3. Client export tab shows no available clients/users to exportI've noticed some issues with weird characters in the CN fields in other posts. CN for the user is something like flastname, CN for the server cert is vpn.domain.com
Any help is greatly appreciated as always!
After some more digging it looks very familiar to the issue previously reported over here: http://forum.pfsense.org/index.php/topic,29353.0.html
-
In what mode did you set up your server?
-
Remote Access (SSL/TLS) …. I'm assuming I should be able to export a client installer that doesn't nag my users for a username/password when they want to connect. Is my expectation wrong? I just noticed the other thread showed SSL/TLS + user auth instead.
-
Yes you need to set it to user auth, otherwise it won't show up.
-
It should work with SSL/TLS (no auth), though I did make some changes to the exporter package the other day and could have inadvertently broken it. I thought I had tested each mode before I committed the changes though.
Reinstall the OpenVPN Client Export package to be sure you're on the latest code and try it again. In the meantime I'll try some more tests.
Normally as long as the CA matches, it will list them.
Actually one thing you can check: Check your CA list and Certs list, make sure you don't have any duplicate entries. Perhaps you have two entries with the same name. I saw that happen once but wasn't able to reproduce it to track it down. If you do, edit the OpenVPN instance and re-select the right one, then the client certs may show up. If you have a duplicate CA, make sure you don't also have a duplicate cert, and change it also if needed.
-
I've been using the exporter for quite a while, and i've always had the behaviour that it only shows up with auth.
-
Reinstall it again when the new version shows up on the package repo (2-3 minutes from now). It should export those as well.