Netgate Discussion Forum

OpenVPN with certificates + LDAP

  • F
    fmroeira86
    last edited by Dec 24, 2014, 10:48 PM Dec 24, 2014, 6:01 PM

    Hi guys!

    I'm trying to configure an OpenVPN server with LDAP auth.

    The problem is: how do I get the users' certificates?

    LDAP auth is working OK, but is there any way to "import" users into "Users" of pfSense so I can create their certificates and then use the OpenVPN Export utility?

    Thanks

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Dec 29, 2014, 8:10 PM

      You can create certificates for them under System > Cert Manager. No need to define the users on the User Manager.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • S
        snm777
        last edited by Jan 15, 2015, 2:40 PM Jan 15, 2015, 2:33 PM

        Hello, I'm trying to do the same thing as the OP.  I have my LDAP configured and tested as far as authenticating to the firewall.  As per the response, I have created a certificate for the LDAP user in the local CA on the pfsense box.

        What I don't understand is how to use the OpenVPN Client Export utility to export the client + the user's cert.  The only thing that shows in the "Client Install Packages" is the user "Authentication (No Cert)".
        Do I have to export the client software, then manually export the cert for each user and come up with instructions for telling them how to import the cert into their particular OpenVPN client?  Below is what my Client Export screen looks like, am I missing something?
        https://www.dropbox.com/s/cscr2qfdcoisuws/Screenshot%202015-01-15%2009.32.57.png?dl=0

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jan 15, 2015, 2:51 PM

          For the certificates to be used the server mode must be set to "SSL/TLS + User Auth", and the user certs/keys must be imported under System > Cert Manager, on the Certificates tab.

          If the export package only shows "Authentication Only (No Cert)" then the mode must be set to "User Auth" only without SSL/TLS, which is wrong if you want client certificates.

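The difference between the two server modes described in the reply above can be checked on an OpenVPN server config, as in this added example (not part of the thread and not pfSense code). It assumes "User Auth" shows up as `verify-client-cert none` (or the deprecated `client-cert-not-required`) next to `auth-user-pass-verify`; the sample configs and script path are constructed, and the certificate-only "SSL/TLS" result goes beyond the two modes named in the thread.

```python
import shlex

# Constructed sample server configs; the script path is a placeholder.
USER_AUTH_ONLY = """
dev tun
tls-server
verify-client-cert none
username-as-common-name
auth-user-pass-verify "/path/to/ldap-check.sh" via-env
"""
TLS_PLUS_USER_AUTH = """
dev tun
tls-server
; client certificates stay required (OpenVPN default)
auth-user-pass-verify "/path/to/ldap-check.sh" via-env
"""

def directives(conf_text):
    """Return {directive: args}; the last occurrence of a directive wins."""
    found = {}
    for line in conf_text.splitlines():
        if line.strip().startswith(";"):          # ';' comments; shlex handles '#'
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            found[parts[0]] = parts[1:]
    return found

def auth_mode(conf_text):
    """Classify a server config using the mode names from the thread."""
    d = directives(conf_text)
    policy = "require"                            # default when nothing relaxes it
    if "client-cert-not-required" in d:           # deprecated pre-2.4 spelling
        policy = "none"
    if d.get("verify-client-cert"):
        policy = d["verify-client-cert"][0]
    cert_enforced = policy == "require"           # "optional" is not enforcement
    # Assumption: a loaded plugin is treated as a username/password check.
    user_auth = "auth-user-pass-verify" in d or "plugin" in d
    if cert_enforced and user_auth:
        return "SSL/TLS + User Auth"
    if cert_enforced:
        return "SSL/TLS"
    return "User Auth" if user_auth else "no client authentication"

if __name__ == "__main__":
    for name in ("USER_AUTH_ONLY", "TLS_PLUS_USER_AUTH"):
        print(name, "->", auth_mode(globals()[name]))
```

A result of "User Auth" means the server accepts a valid LDAP password with no client certificate, which matches the "No Cert" export package described in the thread.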
          • S
            snm777
            last edited by Jan 15, 2015, 5:04 PM

            Derp.  Thank you.  I don't know how I missed that option during the setup wizard, but I did.  I edited the server entry under OpenVPN for my LDAP server, changed it to Remote Access (SSL/TLS + User Auth), and the client export wizard now shows a client build for the certificate I cut for my test user.  Now I just need to install it someplace and verify it's all working :D  Thanks a ton!
