2 WAN and 2 OpenVPN, no client export on second server



  • When I have 2 WAN and 1 OpenVPN server on each, the Client Export shows only one OpenVPN server.
    How to export clients for the second OpenVPN server?
    pfSense 2.2
    thx



  • At the top of the Client Export page it has "Remote Access Server" - are there 2 servers shown in that drop-down?



  • Yes, in the dropdown is only the first OpenVPN server. The second is not in the dropdown box under "Remote Access Server".



  • Are both VPN servers activated? The Export utility shows only activated servers.



  • yes both are enabled and running



  • Can someone with 2.2 test it?

    Create a second OpenVPN server and check if it is possible to export a client with both servers.

    I opened a bug report but it was rejected till someone can also reproduce it.
    thx



  • I tried that on 2.2 - 2 servers, each on a different interface but listening on the same port number.
    Leaving "Description" blank, I get 2 entries in the dropdown list - both say "Server UDP:1194".
    I put 2 local users in, user 1 with cert for server 1, user 2 with cert for server 2. When I switch the selected server from the dropdown, the user displayed in the box at the bottom changes. So the system does not seem to get confused about the 2 entries in the Remote Access Server dropdown having the same text description.
    I changed to have an identical description for both servers, and still get 2 entries in the dropdown list and it works.
    Did a similar thing on my last 2.1.5 system, and no problem there either.
    I can't break it - can you show your OpenVPN server settings for each server?
    (black out any addresses/keys… that look sensitive)



  • hope it is ok to post it here
    `<openvpn>
    <openvpn-server>
    <vpnid>1</vpnid>
    <mode>server_tls_user</mode>
    <authmode>Local Database</authmode>
    <protocol>UDP</protocol>
    <dev_mode>tun</dev_mode>
    <ipaddr/>
    <interface>opt1</interface>
    <local_port>1194</local_port>

    <custom_options/>
    <tls>….</tls>
    <caref>.....</caref>
    <crlref>....</crlref>
    <certref>......</certref>
    <dh_length>2048</dh_length>
    <cert_depth>1</cert_depth>
    <strictusercn/>
    <crypto>AES-256-CBC</crypto>
    <digest>SHA1</digest>
    <engine>rdrand</engine>
    <tunnel_network>192.168.99.0/24</tunnel_network>
    <tunnel_networkv6/>
    <remote_network/>
    <remote_networkv6/>
    <gwredir/>
    <local_network>192.168.28.1/32,192.168.28.2/32</local_network>
    <local_networkv6/>
    <maxclients/>
    <compression/>
    <passtos/>
    <client2client>yes</client2client>
    <dynamic_ip>yes</dynamic_ip>
    <pool_enable>yes</pool_enable>
    <topology_subnet/>
    <serverbridge_dhcp/>
    <serverbridge_interface>none</serverbridge_interface>
    <serverbridge_dhcp_start/>
    <serverbridge_dhcp_end/>
    <netbios_enable/>
    <netbios_ntype>0</netbios_ntype>
    <netbios_scope/>
    <no_tun_ipv6>yes</no_tun_ipv6>
    <verbosity_level>1</verbosity_level>
    </openvpn-server>
    <openvpn-server>
    <vpnid>2</vpnid>
    <mode>p2p_tls</mode>
    <protocol>UDP</protocol>
    <dev_mode>tun</dev_mode>
    <ipaddr/>
    <interface>wan</interface>
    <local_port>1194</local_port>

    <custom_options/>
    <tls>…...</tls>
    <caref>....</caref>
    <crlref/>
    <certref>.....</certref>
    <dh_length>1024</dh_length>
    <cert_depth>1</cert_depth>
    <crypto>AES-128-CBC</crypto>
    <digest>SHA1</digest>
    <engine>none</engine>
    <tunnel_network>192.168.98.0/24</tunnel_network>
    <tunnel_networkv6/>
    <remote_network/>
    <remote_networkv6/>
    <gwredir/>
    <local_network/>
    <local_networkv6/>
    <maxclients/>
    <compression/>
    <passtos/>
    <client2client/>
    <dynamic_ip/>
    <pool_enable>yes</pool_enable>
    <topology_subnet/>
    <serverbridge_dhcp/>
    <serverbridge_interface>none</serverbridge_interface>
    <serverbridge_dhcp_start/>
    <serverbridge_dhcp_end/>
    <netbios_enable/>
    <netbios_ntype>0</netbios_ntype>
    <netbios_scope/>
    <no_tun_ipv6/>
    <verbosity_level>1</verbosity_level>
    </openvpn-server>
    </openvpn>`



  • There is nothing in the settings that actually identifies your public IPs or usernames, keys, certs… So a malicious person is not going to get anywhere with the settings you posted there.

    <mode>p2p_tls</mode>
    

    The mode of the 2nd server is a peer-to-peer mode, so you cannot do client export for that.
    You probably just missed selecting the mode when setting it up. If it is like the first server:

    <mode>server_tls_user</mode>
    

    then client export is going to show it.
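
The check described in this thread, as an added example that is not part of any post here and is not pfSense code: it reads the `<openvpn>` section of a config and reports, per server, whether Client Export should list it. The rule that any mode beginning with `server` counts as remote access, and the `<disable/>` marker for a deactivated server, are assumptions; `SAMPLE_CONFIG` is constructed, with server 3 invented to cover the "activated" point raised earlier.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the two servers posted in this thread,
# plus an invented disabled server (vpnid 3).
SAMPLE_CONFIG = """\
<openvpn>
  <openvpn-server>
    <vpnid>1</vpnid><mode>server_tls_user</mode>
    <protocol>UDP</protocol><interface>opt1</interface>
    <local_port>1194</local_port>
  </openvpn-server>
  <openvpn-server>
    <vpnid>2</vpnid><mode>p2p_tls</mode>
    <protocol>UDP</protocol><interface>wan</interface>
    <local_port>1194</local_port>
  </openvpn-server>
  <openvpn-server>
    <vpnid>3</vpnid><disable/><mode>server_tls</mode>
    <protocol>UDP</protocol><interface>wan</interface>
    <local_port>1195</local_port>
  </openvpn-server>
</openvpn>
"""

def export_report(config_xml):
    """Return (vpnid, label, exportable, reason) for every server entry."""
    root = ET.fromstring(config_xml)
    report = []
    # iter() finds the entries whether the root is <openvpn> or a full config.
    for srv in root.iter("openvpn-server"):
        vpnid = srv.findtext("vpnid", default="?")
        mode = (srv.findtext("mode", default="") or "").strip()
        label = "{} {}:{}".format(srv.findtext("interface", default=""),
                                  srv.findtext("protocol", default=""),
                                  srv.findtext("local_port", default=""))
        if srv.find("disable") is not None:       # assumption: <disable/> marks it
            ok, reason = False, "server is disabled"
        elif not mode.startswith("server"):       # assumption: server_* = remote access
            ok, reason = False, "mode '%s' is not a remote access mode" % mode
        else:
            ok, reason = True, "remote access mode '%s'" % mode
        report.append((vpnid, label, ok, reason))
    return report

if __name__ == "__main__":
    for vpnid, label, ok, reason in export_report(SAMPLE_CONFIG):
        print("vpnid %s (%s): %s - %s" % (vpnid, label,
              "exportable" if ok else "NOT exportable", reason))
```
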



  • my fault
    thx for the help

