OpenVPN CSC needs to support per server configs

  • For example, I have two servers running, 1 TCP and 1 UDP running with subnets and but when I add a CSC with subnet (net30), this config applies to both servers and the UDP server running on 11.1/24 will not route any traffic because the client gets an address of

    I hacked this up by changing the configs to point to two different CSC directories /server1 and /server2 but there needs to be a way for this to be done in the GUI in the future.


  • Rebel Alliance Developer Netgate

    Why would you have a certificate with the same common name connecting to two different OpenVPN servers, trying to route the same subnet?

    EDIT: The same subnet bit doesn't matter so much… why the same CN connecting to two different servers at all?

  • One is TCP and one server is UDP, so if someone hits a restrictive hotspot, they can use the TCP server. I can't have the two OpenVPN servers on the same subnet because they may give out conflicting addresses.

  • Rebel Alliance Developer Netgate

    Since you can't have the same client config for both, why not just generate another certificate for the TCP side?

    You might want to open up a ticket at as a feature for 2.1 to add a server-specific CSC, but I don't see it happening for 2.0.
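
An added example, not code from the thread or from pfSense: a small check that flags a client-specific config (CSC) whose `ifconfig-push` address falls outside the tunnel network of the server that loads it, which is the failure the first post describes when two servers share one CSC directory. The subnets, the common name `laptop`, the `/csc` path and the mapping of `/server1` to TCP and `/server2` to UDP are constructed assumptions.

```python
import ipaddress

# Constructed CSC contents: directory -> {certificate common name -> file body}.
CSC = {
    "/csc": {"laptop": "ifconfig-push 10.8.0.5 10.8.0.6\n"},      # shared by both servers
    "/server1": {"laptop": "ifconfig-push 10.8.0.5 10.8.0.6\n"},  # per-server directories
    "/server2": {"laptop": "ifconfig-push 10.9.0.5 10.9.0.6\n"},
}

def configs(ccd_tcp, ccd_udp):
    """Build two constructed server configs that differ in protocol, subnet and CSC dir."""
    return {
        "server1": f"proto tcp-server\nserver 10.8.0.0 255.255.255.0\nclient-config-dir {ccd_tcp}\n",
        "server2": f"proto udp\nserver 10.9.0.0 255.255.255.0\nclient-config-dir {ccd_udp}\n",
    }

def directive(text, name):
    """Return the arguments of the first occurrence of an OpenVPN directive, or None."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == name:
            return parts[1:]
    return None

def check(servers, csc):
    """List (server, common_name, address) for pushed addresses outside the server's network."""
    problems = []
    for name, conf in servers.items():
        net_args = directive(conf, "server")
        ccd = directive(conf, "client-config-dir")
        if not net_args or not ccd:
            continue  # server has no tunnel network or no CSC directory configured
        network = ipaddress.ip_network("/".join(net_args[:2]))
        for cn, body in csc.get(ccd[0], {}).items():
            push = directive(body, "ifconfig-push")
            if push and ipaddress.ip_address(push[0]) not in network:
                problems.append((name, cn, push[0]))
    return problems

if __name__ == "__main__":
    for label, servers in (("shared", configs("/csc", "/csc")),
                           ("per-server", configs("/server1", "/server2"))):
        print(label, check(servers, CSC) or "ok")
```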
