OpenVPN CSC needs to support per server configs
For example, I have two servers running, 1 TCP and 1 UDP, with subnets 192.168.10.1/24 and 192.168.11.1/24, but when I add a CSC with subnet 192.168.10.32/30 (net30), this config applies to both servers, and the UDP server running on 11.1/24 will not route any traffic because the client gets an address of 192.168.10.34.
I hacked this up by changing the configs to point to two different CSC directories, /server1 and /server2, but there needs to be a way for this to be done in the GUI in the future.
Why would you have a certificate with the same common name connecting to two different OpenVPN servers, trying to route the same subnet?
EDIT: The same subnet bit doesn't matter so much… why the same CN connecting to two different servers at all?
One is TCP and one server is UDP, so if someone hits a restrictive hotspot, they can use the TCP server. I can't have the two OpenVPN servers on the same subnet because they may give out conflicting addresses.
Since you can't have the same client config for both, why not just generate another certificate for the TCP side?
You might want to open up a ticket at http://redmine.pfsense.org/ as a feature for 2.1 to add a server-specific CSC, but I don't see it happening for 2.0.
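An added example, not written by any poster in this thread: a Python check that flags the mismatch described in the first post, where one CSC `ifconfig-push` entry is applied to servers with different tunnel networks. The configs are constructed; the `server` lines and the 192.168.10.33 peer address are assumptions, and the /30 pairing check reflects OpenVPN's net30 topology.

```python
import ipaddress

# Constructed sample configs modelled on the thread: two servers, one CSC entry.
SERVER_TCP = "proto tcp-server\nserver 192.168.10.0 255.255.255.0\nclient-config-dir /server1\n"
SERVER_UDP = "proto udp\nserver 192.168.11.0 255.255.255.0\nclient-config-dir /server2\n"
CSC_ENTRY = "ifconfig-push 192.168.10.34 192.168.10.33\n"  # peer address is assumed


def directive(text, name):
    """Return the arguments of the first `name` directive, or None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            return parts[1:]
    return None


def check_csc(server_conf, csc_text):
    """List reasons why a CSC ifconfig-push cannot work on this server."""
    srv = directive(server_conf, "server")
    push = directive(csc_text, "ifconfig-push")
    if srv is None or len(srv) < 2:
        return ["server config has no 'server <network> <netmask>' line"]
    if push is None:
        return []  # nothing pinned; the server assigns from its own pool
    if len(push) < 2:
        return ["ifconfig-push needs two addresses"]
    tunnel = ipaddress.IPv4Network(f"{srv[0]}/{srv[1]}")
    local, remote = (ipaddress.IPv4Address(a) for a in push[:2])
    problems = [f"{a} is outside tunnel network {tunnel}"
                for a in (local, remote) if a not in tunnel]
    # net30: both endpoints must be the two host addresses of one /30.
    block = ipaddress.IPv4Network(f"{local}/30", strict=False)
    if local == remote or not {local, remote} <= set(block.hosts()):
        problems.append(f"{local} and {remote} are not the host pair of one /30")
    return problems


if __name__ == "__main__":
    for name, conf in (("tcp", SERVER_TCP), ("udp", SERVER_UDP)):
        print(name, check_csc(conf, CSC_ENTRY) or "ok")
```

Run against every server that shares a CSC directory, this reports the UDP server as unable to use the pinned address while the TCP server passes.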