Solved : Two VPN users



  • Dear all,
    i've managed to create two VPN users with Two different Certificates.
    one user is the Admin for the manage and the second one is just to connect nothing more .

    when i tried to export the client 2 ( user) it not allowing me too, i've checked the correct certificate and user, but still can't see the export profile.

    any suggestions ?
    i've attached a screenshot



  • I can't see the admin user in the export tool also.

    There must be something wrong with your certificates. Check this again.

    For cert-auth you have to create a:

    • CA

    • server certificate

    • user certificate for each user

    Server certs and user certs for one VPN server must be from the same CA!
    The user certs may be created in the user manager.

    In VPN server setup you have to select one of the "SSL/TLS" server modes. Then you have to select the CA and the proper server cert.

    If this is done you can go to Client Export tool, select the VPN server if you have more then one and all users whos certificate is from the same CA as the one of the selected server should be listed for export there.



  • do you mean create just users and assign the same CA to the user ?



  • The user certificates for all the users that connect to 1 server must all be under the same CA.



  • @phil.davis:

    The user certificates for all the users that connect to 1 server must all be under the same CA.

    Thank you Phil,
    i just created a RADUIS configuration with my domain controllers and it works really great.
    thank you so much
    to other who might have the same issue or want to have a RADUIS to AD. please follow the below link.

    https://doc.pfsense.org/index.php/OpenVPN_with_RADIUS_via_Active_Directory
    

Log in to reply