2 WAN and 2 OpenVPN, no client export on second server
-
When I have 2 WAN and 1 OpenVPN server on each, the Client Export shows only one OpenVPN server.
How to export clients for the second OpenVPN server?
pfSense 2.2
thx -
At the top of the Client Export page it has "Remote Access Server" - are there 2 servers shown in that drop-down?
-
yes, in the dropdown is only the first OpenVPN server. The second is not in the dropdown box under "Remote Access Server"
-
Are both VPN servers activated? The Export utility shows only activated servers.
-
yes both are enabled and running
-
Can someone with 2.2 test it?
Create a second OpenVPN server and check if it is possible to export a client with both servers.
I opened a bug report but it was rejected until someone else can also reproduce it.
thx -
I tried that on 2.2 - 2 servers, each on a different interface but listening on the same port number.
Leaving "Description" blank, I get 2 entries in the dropdown list - both say "Server UDP:1194".
I put 2 local users in, user 1 with cert for server 1, user 2 with cert for server 2. When I switch the selected server from the dropdown, the user displayed in the box at the bottom changes. So the system does not seem to get confused about the 2 entries in the Remote Access Server dropdown having the same text description.
I changed to have an identical description for both servers, and still get 2 entries in the dropdown list and it works.
Did a similar thing on my last 2.1.5 system, and no problem there either.
I can't break it - can you show your OpenVPN server settings for each server?
(black out any addresses/keys… that look sensitive) -
hope it is ok to post it here
`<openvpn>
<openvpn-server>
<vpnid>1</vpnid>
<mode>server_tls_user</mode>
<authmode>Local Database</authmode>
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<ipaddr/>
<interface>opt1</interface>
<local_port>1194</local_port>
<custom_options/>
<tls>….</tls>
<caref>.....</caref>
<crlref>....</crlref>
<certref>......</certref>
<dh_length>2048</dh_length>
<cert_depth>1</cert_depth>
<strictusercn/>
<crypto>AES-256-CBC</crypto>
<digest>SHA1</digest>
<engine>rdrand</engine>
<tunnel_network>192.168.99.0/24</tunnel_network>
<tunnel_networkv6/><remote_network/><remote_networkv6/><gwredir/>
<local_network>192.168.28.1/32,192.168.28.2/32</local_network>
<local_networkv6/><maxclients/><compression/><passtos/>
<client2client>yes</client2client>
<dynamic_ip>yes</dynamic_ip>
<pool_enable>yes</pool_enable>
<topology_subnet/><serverbridge_dhcp/>
<serverbridge_interface>none</serverbridge_interface>
<serverbridge_dhcp_start/><serverbridge_dhcp_end/><netbios_enable/>
<netbios_ntype>0</netbios_ntype>
<netbios_scope/>
<no_tun_ipv6>yes</no_tun_ipv6>
<verbosity_level>1</verbosity_level>
</openvpn-server>
<openvpn-server>
<vpnid>2</vpnid>
<mode>p2p_tls</mode>
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<ipaddr/>
<interface>wan</interface>
<local_port>1194</local_port>
<custom_options/>
<tls>…...</tls>
<caref>....</caref>
<crlref/>
<certref>.....</certref>
<dh_length>1024</dh_length>
<cert_depth>1</cert_depth>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<tunnel_network>192.168.98.0/24</tunnel_network>
<tunnel_networkv6/><remote_network/><remote_networkv6/><gwredir/>
<local_network/><local_networkv6/><maxclients/><compression/><passtos/>
<client2client/><dynamic_ip/>
<pool_enable>yes</pool_enable>
<topology_subnet/><serverbridge_dhcp/>
<serverbridge_interface>none</serverbridge_interface>
<serverbridge_dhcp_start/><serverbridge_dhcp_end/><netbios_enable/>
<netbios_ntype>0</netbios_ntype>
<netbios_scope/><no_tun_ipv6/>
<verbosity_level>1</verbosity_level>
</openvpn-server>
</openvpn>` -
There is nothing in the settings that actually identifies your public IPs or usernames, keys, certs… So a malicious person is not going to get anywhere with the settings you posted there.
<mode>p2p_tls</mode>
The mode of the 2nd server is a peer-to-peer mode, so you cannot do client export for that.
You probably just missed selecting the mode when setting it up. If it is like the first server: <mode>server_tls_user</mode>
then client export is going to show it.
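
The check described in this answer, as an added example that is not part of the original thread and is not pfSense's own code: it reads an `<openvpn>` config section and reports which servers would be offered for client export and why the others are skipped. The function name `export_candidates`, the rule that remote-access modes are the ones named `server_*`, and the `<disable>` element marking a deactivated server are assumptions; the sample config is constructed from the two servers posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed <openvpn> section modelled on the two
# servers posted in the thread (only the fields this check reads).
SAMPLE_CONFIG = """
<openvpn>
  <openvpn-server>
    <vpnid>1</vpnid>
    <mode>server_tls_user</mode>
    <interface>opt1</interface>
    <local_port>1194</local_port>
  </openvpn-server>
  <openvpn-server>
    <vpnid>2</vpnid>
    <mode>p2p_tls</mode>
    <interface>wan</interface>
    <local_port>1194</local_port>
  </openvpn-server>
</openvpn>
"""


def export_candidates(config_xml):
    """Return (listed, skipped): vpnids that qualify for client export,
    and (vpnid, reason) pairs for servers that do not."""
    root = ET.fromstring(config_xml)
    listed, skipped = [], []
    # iter() also works when the input is a whole config.xml, not just <openvpn>.
    for srv in root.iter("openvpn-server"):
        vpnid = srv.findtext("vpnid", default="?")
        mode = (srv.findtext("mode") or "").strip()
        # Assumption: a deactivated server carries a <disable> element.
        if srv.find("disable") is not None:
            skipped.append((vpnid, "server is disabled"))
        # Assumption: remote-access modes are named server_*; p2p_* are not.
        elif not mode.startswith("server_"):
            skipped.append((vpnid, f"mode {mode!r} is not a remote-access mode"))
        else:
            listed.append(vpnid)
    return listed, skipped


if __name__ == "__main__":
    listed, skipped = export_candidates(SAMPLE_CONFIG)
    print("offered for client export:", listed)
    for vpnid, reason in skipped:
        print(f"vpnid {vpnid} skipped: {reason}")
```
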
-
my fault
thx for the help