This refers to the open source firewall IPFire
Using a hostkey and certificates from an external certificate authority is possible with the following steps and restrictions:
- .p12: it needs to contain the host key and certificate signed by your CA.
- /var/ipfire/ovpn/crls/cacrl.pem
- /var/ipfire/ovpn/certs/servercert.pem
- /usr/local/bin/openvpnctrl -r
- /etc/httpd/server.crt
- apachectl restart
When adding a new OpenVPN client, any route configured for it - including GREEN / ORANGE - yielded the error message “Route xyz alread in use by another client”. It turned out that cddroute and cddroute2 in /var/ipfire/ovpn contained somewhat empty or spurious lines (meaning strange network settings or references to non-existing client names). I removed a line in cddroute that referenced a non-existing client and the networks 10.0.0.0/255.0.0.0, 192.168.0.0/255.255.0.0, 172.16.0.0/255.240.0.0. It seems this fixed the issue.
— peter 09.11.2021 13:43 CET
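A small checker along the lines of that diagnosis, written as an added example and not taken from IPFire or from peter's post: it reads a cddroute-style file and flags entries whose client name is not in the configured client list, malformed lines, and networks that overlap a network held by another client (the kind of stale entry that makes every new route look "already in use"). The one-line-per-client, comma-separated layout, the sample file contents and the client list are assumptions constructed for this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample of a cddroute-style file. Its layout (one line per client:
# the client name, then comma-separated network/netmask pairs) is an assumption
# made for this example, not taken from the IPFire source.
SAMPLE_CDDROUTE = """\
laptop-anna,192.168.10.0/255.255.255.0
office-bob,10.20.0.0/255.255.0.0
ghost,10.0.0.0/255.0.0.0,192.168.0.0/255.255.0.0,172.16.0.0/255.240.0.0
,
printer-carol,192.168.10.0/255.255.255.0
"""

# Client names that actually exist in the OpenVPN configuration (constructed).
KNOWN_CLIENTS = {"laptop-anna", "office-bob", "printer-carol"}


def parse_routes(text):
    """Return ({client: [IPv4Network, ...]}, [(lineno, raw_line), ...]); the
    second list holds lines that are empty, nameless or not parsable."""
    routes, bad_lines = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = [f.strip() for f in raw.split(",")]
        name, nets = fields[0], [f for f in fields[1:] if f]
        if not name or not nets:
            bad_lines.append((lineno, raw))
            continue
        try:
            # Dotted netmasks such as 255.255.0.0 are accepted by IPv4Network.
            routes[name] = [ipaddress.IPv4Network(n, strict=False) for n in nets]
        except ValueError:
            bad_lines.append((lineno, raw))
    return routes, bad_lines


def audit_routes(text, known_clients):
    """Report unknown client names, malformed lines, and networks that overlap
    a network held by a different client."""
    routes, bad_lines = parse_routes(text)
    unknown = sorted(name for name in routes if name not in known_clients)
    claims = [(name, net) for name, nets in routes.items() for net in nets]
    overlaps = sorted(
        (a_name, str(a_net), b_name, str(b_net))
        for (a_name, a_net), (b_name, b_net) in combinations(claims, 2)
        if a_name != b_name and a_net.overlaps(b_net)
    )
    return {"unknown_clients": unknown, "bad_lines": bad_lines, "overlaps": overlaps}
```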
/usr/lib/openvpn/verify to get the value of CN=…