Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN without client certificates?

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 16.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      galgier
      last edited by

      I am new to OpenVPN and pfSense. I found it very easy to get a myself setup as a local user and it works well.

      I now want to setup access for many people using RADIUS.  I want to be able to give all our users the same *.ovpn file or Client Export.  I have seen mention in OpenVPN discussions that there is an option "client-cert-not-required".  I can't find an equivalent in the OpenVPN configuration on pfSense.  Am I missing something?

      Instead, would it be possible to create a universal client certificate that could be included in the package delivered to all our users?

      Also, if I setup the system to use RADIUS for authentication, do I still need to create each user on the pfSense system?  If so, is there a scripting method to "import" 100+ users so I don't have to "GUI" each user?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Just change the VPN type from "SSL/TLS + User Auth" to simply "User Auth" and then it does not require certs for clients.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • G
          galgier
          last edited by

          Thank you!  That did it for Windows and Mac.

          Unfortunately the iPad app seems to require a certificate in order to even let me try to connect.

          1 Reply Last reply Reply Quote 0
          • G
            galgier
            last edited by

            As a self-followup, in case someone else has the iPad problem, I figured out how to add a cert to the .ovpn file:
            1. Go create a new cert in System > Cert Manager.
            2. Export the cert and key separately (
            .crt and *.key files).
            3. Using your favorite text editor open your previously exported *.ovpn file.
              a. Find the line with "".
              b. Put a line after this with "<cert>".
              c. Insert the contents of the *.crt file.
              d. Add two lines after this containing "</cert>" and "<key>".
              e. Insert the contents of the *.key file.
              f. Add a line after this containing "</key>""
              g. Save the file.

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              ^ or just export the inline opvn file

              • Inline Configurations:
                  Android  OpenVPN Connect (iOS/Android)  Others

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • G
                galgier
                last edited by

                An export of the inline ovpn file does not include any certificate.  The iOS app requires one.

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  That depends on your specific mode of OpenVPN server. In SSL/TLS and SSL/TLS+User Auth mode, it does include the certificate.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.