Project

General

Profile

Feature #7767

OCSP support for OpenVPN server

Added by Michael Voetter over 2 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
08/11/2017
Due date:
% Done:

0%

Estimated time:

Description

It would be great to have a possibility to enable OCSP checking for OpenVPN Server included in pfSense. It seems to be possible to perform OCSP checks without modifying the OpenVPN implementation (http://permalink.gmane.org/gmane.network.openvpn.devel/2492) by just adding a script performing the checks. Therefore, it seems to be possible to implement this feature in a relatively short amount of time which in return would add value to the OpenVPN Server feature of pfSense.

History

#1 Updated by Jim Pingle over 1 year ago

  • Category set to OpenVPN
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle over 1 year ago

  • Target version set to 2.4.4

#3 Updated by Steve Beaver over 1 year ago

  • Status changed from New to This Sprint

#4 Updated by Steve Beaver over 1 year ago

  • Status changed from This Sprint to New

#5 Updated by Jim Pingle over 1 year ago

  • Target version changed from 2.4.4 to 48

#6 Updated by Jim Pingle 8 months ago

  • Target version changed from 48 to 2.5.0

#7 Updated by Jim Pingle 2 months ago

The link above seems to be dead, but there is an example script in https://github.com/OpenVPN/openvpn/blob/master/contrib/OCSP_check/OCSP_check.sh

The example check could be adapted and added to source:src/usr/local/sbin/ovpn_auth_verify and source:src/etc/inc/openvpn.tls-verify.php

Also available in: Atom PDF