Project

General

Profile

Actions

Correction #14084

closed

Feedback on Virtual Private Networks — OpenVPN — OpenVPN Configuration Options — Client Specific Overrides

Added by Marius Popa over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/configure-overrides.html
Using:

2.5.0-RELEASE (amd64)
built on Tue Feb 16 08:56:29 EST 2021 

we have defined an OVPN server using ONLY user auth. In this case, client specific overrides are not working (not matching the username with the Common Name under client specific overrides). The solution is to tick the 'Username as Common Name' from the OVPN server config, but this should not be needed since we only use user auth. Perhaps the docs need improvement to highlight this is needed ?

The name of the user which OpenVPN will match when a client connects. When using SSL/TLS authentication this is the common name field of the certificate. When using user authentication this is the username.

should become:

The name of the user which OpenVPN will match when a client connects. When using SSL/TLS authentication this is the common name field of the certificate. When using user authentication this behavior is determined by the Username as Common Name option on the OpenVPN server.

Thank you

Feedback:

Actions #1

Updated by Jim Pingle over 2 years ago

  • Assignee set to Jim Pingle

It's actually working as it should in that case, but you are right the docs could use some clarity on that.

Without a certificate you have no "common name". Selecting that option is the way to make it assume the common name is the username so it will match the overrides.

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

I pushed a correction for this, it will be live in ~10-15 minutes when the build finishes.

Actions

Also available in: Atom PDF