This refers to the open-source firewall IPFire.
Using a hostkey and certificates from an external certificate authority is possible with the following steps and restrictions:
.p12. It needs to contain the host key and certificate signed by your CA.
When adding a new OpenVPN client, any route configured for it - including GREEN / ORANGE - resulted in the error message “Route xyz alread in use by another client”. It turned out,
/var/ipfire/ovpn contained somewhat empty or spurious lines (meaning strange network settings or referencing non-existing client names). I removed a line in
cddroute that referenced a non-existing client and the networks 10.0.0.0/255.0.0.0,192.168.0.0/255.255.0.0,172.16.0.0/255.240.0.0. It seems this fixed the issue.
— peter 09.11.2021 13:43 CET
/usr/lib/openvpn/verify to get the value of CN=…