After 2.3 upgrade no users in client export



  • my user/certificate no longer show in the openvpn client export section so I am unable to export vpn keys like I used to be able to.  Is this an issue with the new release?



  • Hi, same problem with fresh install.



  • Same with me. When I restore an old config, I see the clients. In the fresh install, it´s empty.



  • Same with me. When I restore an old config, I see the clients. In the fresh install, it´s empty.

    Why would you expect to see your clients in a fresh install?
    Until you restore your previous config file, a new install has nothing but factory defaults.

    If you're saying that restoring a recent config file doesn't show your certs, but an older one does, then that points at a problem in your config files.

    Just for the record, I have upgraded at least four different systems and they all show clients in the export.
    Not to say there isn't a potential problem, but it's not seen by everyone.



  • In the fresh install, I certainly created a new client  ;) - But he won't show up. I know that there must be a client configured to get something shown…



  • The only time I've not been able to access a client cert in the Export util is when I create the cert using the wrong CA for the export server in question.



  • Any advance?


  • LAYER 8 Netgate

    Like divsys said, check that the Peer Certificate CA selected in the OpenVPN server and the Issuer of the user certificates match.



  • @Derelict:

    Like divsys said, check that the Peer Certificate CA selected in the OpenVPN server and the Issuer of the user certificates match.

    That is the case in my case, still no fun.


  • LAYER 8 Netgate

    I haven't looked at the code yet but I know there have been some changes to the verification of the type of certificates used by the servers so they might be checking the type of certificates used by clients too. Are they, in fact, user certificates (Server: No)?

    Any CAs/Certs expired?

    When you view System > Cert.Manager, Certificates is the Issuer of the user certs the same CA that is listed as OpenVPN's Peer Certificate CA?

    What is the Server Mode on your Remote Access OpenVPN instance?

    Everything I have upgraded has just worked in this regard. Have to find what's peculiar about your setup.



  • @Derelict:

    Are they, in fact, user certificates (Server: No)?

    Yes.

    Any CAs/Certs expired?

    No, fresh install.

    When you view System > Cert.Manager, Certificates is the Issuer of the user certs the same CA that is listed as OpenVPN's Peer Certificate CA?

    Yes.

    What is the Server Mode on your Remote Access OpenVPN instance?

    Peer to Peer (SSL/TLS)  :o
    I`m stupid, I know… ;D



  • OK, so all of the answers to the ultimate questions listed  were a 100% match for me.  This is what I had to do:  In pfSense, go to System - Package Manager - Available Packages. Find the package called openvpn-client-export and hit the install button, then confirm.  I wasn't aware that there were additional packages. And now it makes sense why folks who have fresh installs run across this.


Log in to reply