Actions
Correction #14084
closedFeedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides
Start date:
Due date:
% Done:
100%
Estimated time:
Description
Page: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
Using:
2.5.0-RELEASE (amd64) built on Tue Feb 16 08:56:29 EST 2021
we have defined an OVPN server using ONLY user auth. In this case, client specific overrides are not working (not matching the username with the Common Name under client specific overrides). The solution is to tick the 'Username as Common Name' from the OVPN server config, but this should not be needed since we only use user auth. Perhaps the docs need improvement to highlight this is needed ?
The name of the user which OpenVPN will match when a client connects. When using SSL/TLS authentication this is the common name field of the certificate. When using user authentication this is the username.
should become:
The name of the user which OpenVPN will match when a client connects. When using SSL/TLS authentication this is the common name field of the certificate. When using user authentication this behavior is determined by the Username as Common Name option on the OpenVPN server.
Thank you
Feedback:
Updated by Jim Pingle over 2 years ago
- Assignee set to Jim Pingle
It's actually working as it should in that case, but you are right the docs could use some clarity on that.
Without a certificate you have no "common name". Selecting that option is the way to make it assume the common name is the username so it will match the overrides.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
I pushed a correction for this, it will be live in ~10-15 minutes when the build finishes.
Actions