OpenVPN CSC needs to support per server configs



  • For example, I have two servers running, 1 TCP and 1 UDP, with subnets 192.168.10.1/24 and 192.168.11.1/24, but when I add a CSC with subnet 192.168.10.32/30 (net30), this config applies to both servers, and the UDP server running on 11.1/24 will not route any traffic because the client gets an address of 192.168.10.34.

    I hacked this up by changing the configs to point to two different CSC directories, /server1 and /server2, but there needs to be a way for this to be done in the GUI in the future.

    Thanks!


  • Rebel Alliance Developer Netgate

    Why would you have a certificate with the same common name connecting to two different OpenVPN servers, trying to route the same subnet?

    EDIT: The same subnet bit doesn't matter so much… why the same CN connecting to two different servers at all?



  • One is TCP and one server is UDP, so if someone hits a restrictive hotspot, they can use the TCP server. I can't have the two OpenVPN servers on the same subnet because they may give out conflicting addresses.


  • Rebel Alliance Developer Netgate

    Since you can't have the same client config for both, why not just generate another certificate for the TCP side?

    You might want to open up a ticket at http://redmine.pfsense.org/ as a feature for 2.1 to add a server-specific CSC, but I don't see it happening for 2.0.
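
Added example, not part of the thread and not pfSense code: a Python check that flags any CSC `ifconfig-push` address lying outside the tunnel network of a server that reads it, which is the mismatch described in the first post. The common name `roadwarrior`, the shared `/csc` directory, the network addresses and the contents of `/server1` and `/server2` are constructed sample values.

```python
import ipaddress

# Constructed sample data: server configs and CSC directory contents (assumed).
SHARED = {
    "tcp": "proto tcp-server\nserver 192.168.10.0 255.255.255.0\nclient-config-dir /csc\n",
    "udp": "proto udp\nserver 192.168.11.0 255.255.255.0\nclient-config-dir /csc\n",
}
SPLIT = {"tcp": SHARED["tcp"].replace("/csc", "/server1"),
         "udp": SHARED["udp"].replace("/csc", "/server2")}
CSC_DIRS = {  # directory -> {common name: override file body}
    "/csc": {"roadwarrior": "ifconfig-push 192.168.10.34 192.168.10.33\n"},
    "/server1": {"roadwarrior": "ifconfig-push 192.168.10.34 192.168.10.33\n"},
    "/server2": {"roadwarrior": "ifconfig-push 192.168.11.34 192.168.11.33\n"},
}

def directives(text):
    """Yield (keyword, args) for each non-empty, non-comment config line."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            yield parts[0], parts[1:]

def tunnel_and_csc_dir(server_conf):
    """Return (tunnel network, client-config-dir path) from a server config."""
    net = csc = None
    for key, args in directives(server_conf):
        if key == "server" and len(args) >= 2:
            net = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        elif key == "client-config-dir" and args:
            csc = args[0]
    return net, csc

def find_mismatches(servers, csc_dirs):
    """List (server, common name, pushed IP) where the IP is outside the tunnel."""
    bad = []
    for name, conf in servers.items():
        net, csc = tunnel_and_csc_dir(conf)
        if net is None or csc is None:
            continue
        for cn, body in csc_dirs.get(csc, {}).items():
            for key, args in directives(body):
                if key == "ifconfig-push" and args:
                    if ipaddress.ip_address(args[0]) not in net:
                        bad.append((name, cn, args[0]))
    return sorted(bad)

if __name__ == "__main__":
    print("shared CSC dir:", find_mismatches(SHARED, CSC_DIRS))
    print("per-server dirs:", find_mismatches(SPLIT, CSC_DIRS))
```

With the shared directory only the UDP server is flagged; with one directory per server nothing is.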

