OpenVPN, RADIUS & Client-Specific Overrides
We run OpenVPN in Remote Access (SSL/TLS + User Auth) mode, using RADIUS on a Server 2012 DC for the authentication.
Before enabling RADIUS, pfSense would use the users certificate CN to trigger a client-specific override. Since enabling RADIUS, it seems pf is taking the domain username as the Common Name for the connection and not applying the CSO.
Is there an option to tell pf to either retain and use the certificate CN as the auth or will it always use the RADIUS result because it is the second factor?