• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN without client certificates?

Scheduled Pinned Locked Moved OpenVPN
7 Posts 3 Posters 16.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    galgier
    last edited by Mar 20, 2013, 2:20 PM

    I am new to OpenVPN and pfSense. I found it very easy to get a myself setup as a local user and it works well.

    I now want to setup access for many people using RADIUS.  I want to be able to give all our users the same *.ovpn file or Client Export.  I have seen mention in OpenVPN discussions that there is an option "client-cert-not-required".  I can't find an equivalent in the OpenVPN configuration on pfSense.  Am I missing something?

    Instead, would it be possible to create a universal client certificate that could be included in the package delivered to all our users?

    Also, if I setup the system to use RADIUS for authentication, do I still need to create each user on the pfSense system?  If so, is there a scripting method to "import" 100+ users so I don't have to "GUI" each user?

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Mar 20, 2013, 7:11 PM

      Just change the VPN type from "SSL/TLS + User Auth" to simply "User Auth" and then it does not require certs for clients.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • G
        galgier
        last edited by Mar 21, 2013, 2:15 AM

        Thank you!  That did it for Windows and Mac.

        Unfortunately the iPad app seems to require a certificate in order to even let me try to connect.

        1 Reply Last reply Reply Quote 0
        • G
          galgier
          last edited by Mar 21, 2013, 12:46 PM

          As a self-followup, in case someone else has the iPad problem, I figured out how to add a cert to the .ovpn file:
          1. Go create a new cert in System > Cert Manager.
          2. Export the cert and key separately (
          .crt and *.key files).
          3. Using your favorite text editor open your previously exported *.ovpn file.
            a. Find the line with "".
            b. Put a line after this with "<cert>".
            c. Insert the contents of the *.crt file.
            d. Add two lines after this containing "</cert>" and "<key>".
            e. Insert the contents of the *.key file.
            f. Add a line after this containing "</key>""
            g. Save the file.

          1 Reply Last reply Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator
            last edited by Mar 21, 2013, 3:25 PM

            ^ or just export the inline opvn file

            • Inline Configurations:
                Android  OpenVPN Connect (iOS/Android)  Others

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • G
              galgier
              last edited by Apr 14, 2013, 4:43 PM

              An export of the inline ovpn file does not include any certificate.  The iOS app requires one.

              1 Reply Last reply Reply Quote 0
              • J
                jimp Rebel Alliance Developer Netgate
                last edited by Apr 14, 2013, 4:44 PM

                That depends on your specific mode of OpenVPN server. In SSL/TLS and SSL/TLS+User Auth mode, it does include the certificate.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received