OpenVPN without client certificates?
-
I am new to OpenVPN and pfSense. I found it very easy to get myself set up as a local user and it works well.
I now want to set up access for many people using RADIUS. I want to be able to give all our users the same *.ovpn file or Client Export. I have seen mention in OpenVPN discussions that there is an option "client-cert-not-required". I can't find an equivalent in the OpenVPN configuration on pfSense. Am I missing something?
Instead, would it be possible to create a universal client certificate that could be included in the package delivered to all our users?
Also, if I set up the system to use RADIUS for authentication, do I still need to create each user on the pfSense system? If so, is there a scripting method to "import" 100+ users so I don't have to "GUI" each user?
-
Just change the VPN type from "SSL/TLS + User Auth" to simply "User Auth" and then it does not require certs for clients.
-
Thank you! That did it for Windows and Mac.
Unfortunately the iPad app seems to require a certificate in order to even let me try to connect.
-
As a self-followup, in case someone else has the iPad problem, I figured out how to add a cert to the .ovpn file:
1. Go create a new cert in System > Cert Manager.
2. Export the cert and key separately (*.crt and *.key files).
3. Using your favorite text editor open your previously exported *.ovpn file.
a. Find the line with "".
b. Put a line after this with "<cert>".
c. Insert the contents of the *.crt file.
d. Add two lines after this containing "</cert>" and "<key>".
e. Insert the contents of the *.key file.
f. Add a line after this containing "</key>".
g. Save the file.
-
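The manual steps in the post above can be scripted. This is an added example, not part of the original thread: the function names and sample inputs are constructed, and it appends the `<cert>` and `<key>` blocks at the end of the profile instead of after a specific line. Because the result holds a private key, `write_private` creates the file with owner-only permissions.

```python
import os
import re

# Matches a PEM block whose body is plain base64 (no Proc-Type/DEK-Info header lines).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n[A-Za-z0-9+/=\r\n]+-----END \1-----")
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

# Constructed sample inputs: placeholder base64, not a real certificate or key.
SAMPLE_OVPN = "client\ndev tun\nremote vpn.example.com 1194 udp\nauth-user-pass\n"
SAMPLE_CRT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"


def pem_blocks(text, labels):
    """Return the PEM blocks in text whose BEGIN label is in labels."""
    return [m.group(0).replace("\r\n", "\n")
            for m in PEM_BLOCK.finditer(text) if m.group(1) in labels]


def inline_client_cert(ovpn_text, crt_text, key_text):
    """Return the profile with the certificate and key appended as inline blocks."""
    for line in ovpn_text.splitlines():
        words = line.split()
        # A profile that already names a client credential must not get a second one.
        if words and words[0] in ("<cert>", "<key>", "cert", "key", "pkcs12"):
            raise ValueError("profile already contains a client certificate or key")
    certs = pem_blocks(crt_text, {"CERTIFICATE"})
    keys = pem_blocks(key_text, KEY_LABELS)
    if len(certs) != 1 or len(keys) != 1:
        raise ValueError("expected exactly one certificate and one private key")
    return (ovpn_text.rstrip("\n") + "\n<cert>\n" + certs[0] + "\n</cert>\n"
            + "<key>\n" + keys[0] + "\n</key>\n")


def write_private(path, text):
    """Create path with owner-only permissions; fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)


if __name__ == "__main__":
    print(inline_client_cert(SAMPLE_OVPN, SAMPLE_CRT, SAMPLE_KEY))
```
-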
^ or just export the inline ovpn file
- Inline Configurations:
Android OpenVPN Connect (iOS/Android) Others
-
An export of the inline ovpn file does not include any certificate. The iOS app requires one.
-
That depends on your specific mode of OpenVPN server. In SSL/TLS and SSL/TLS+User Auth mode, it does include the certificate.