Common Name (CN) issue

      jkimmerling wrote (#1):

      Hello, I have run into an issue trying to create site-to-site VPN connections using the Cloudron version of OpenVPN. The issue is because of how you manage the CNs. If my account is joshd, then all my clients will have CNs of joshd/namehere. The forward slash kills the ability to push routes, as it messes with how OpenVPN accesses the client's iroutes in their ccd.

      Using my previous example CN, the ccd should be "namehere", but Cloudron's OpenVPN makes the ccd joshd/namehere, which causes the server to think the config is now nested in a folder that will not exist.

      Please stop using "/"s for your CNs. Use a dash or underscore, or anything that is not going to mess with directory traversal.

        marcusquinn wrote (#2):

        @jkimmerling said in Common Name (CN) issue:

        oshd/namehere

        Would wrapping in speech marks fix it? E.g. "oshd/namehere".

        Web Design https://www.evergreen.je
        Development https://brandlight.org
        Life https://marcusquinn.com

          girish (Staff) wrote (#3):

          @jkimmerling Thanks for the report. I created https://git.cloudron.io/cloudron/openvpn-app/-/issues/26

            A Former User wrote (#4):

            @jkimmerling said in Common Name (CN) issue:

            ccd

            What is the ccd?
            I do wish I didn't have to keep looking up every obscure acronym encountered.

              girish (Staff) wrote (#5):

              @Hillside502 It stands for --client-config-dir. It's an OpenVPN feature that lets you add client-specific rules (based on the CN name in the VPN certificate).

                jkimmerling wrote (#6):

                @Hillside502

                As girish says, it allows specific rules per client.

                The main rule I am needing is the ability to connect 2 LANs on opposite sides of the VPN server.

                192.168.1.x (Router A) 10.8.0.2 ----> VPN server <----- 10.8.0.3 (Router B) 192.168.2.x

                I need the 192.168.1.x network to be able to talk to the 192.168.2.x network. This is accomplished by pushing routes and using iroutes defined in a client CCD file.

                I can and have done this with a non-cloudron openvpn installation, but it would be nice to have a solution that was much quicker to deploy.

                  jkimmerling wrote (#7):

                  @girish Thanks!

                    girish (Staff) wrote (#8):

                    @jkimmerling I have pushed an update. Certificate CNs now use underscore. Can you please verify?

                      girish (Staff) wrote (#9):

                      I have added docs at https://cloudron.io/documentation/apps/openvpn/#custom-client-configuration

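The per-client lookup discussed in this thread, as an added example that is not part of any post or of Cloudron's code: a Python check that maps each CN to its client-config-dir file and verifies that every iroute is backed by a `route` and a `push "route ..."` line in the server config, the pairing the OpenVPN HOWTO uses for client LANs. The sample config, the file names and the CN spelling `joshd_routerA` are constructed assumptions.

```python
import ipaddress
from pathlib import PurePosixPath

# Constructed sample data (CN spelling assumed); one 'route' line is missing on purpose.
SERVER_CONF = '''client-config-dir ccd
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
'''
CCD_FILES = {  # file name (must equal the client CN) -> file contents
    "joshd_routerA": "iroute 192.168.1.0 255.255.255.0\n",
    "joshd_routerB": "iroute 192.168.2.0 255.255.255.0\n",
}

def ccd_lookup(cn, ccd_dir="ccd"):
    """Return (<ccd_dir>/<CN>, True if that path is a file directly inside ccd_dir)."""
    path = PurePosixPath(ccd_dir) / cn
    flat = path.parent == PurePosixPath(ccd_dir) and path.name != ".."
    return str(path), flat

def networks(text, directive):
    """Networks named by '<directive> <net> <mask>' lines; push "route ..." counts as 'push route'."""
    nets = set()
    for line in text.splitlines():
        parts = line.replace('"', " ").split()
        if parts[:2] == ["push", "route"]:
            parts = ["push route"] + parts[2:]
        if len(parts) >= 3 and parts[0] == directive:
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return nets

def audit(server_conf, ccd_files, ccd_dir="ccd"):
    """List CNs that do not map to a flat CCD file and iroutes the server config does not back."""
    findings = []
    routed, pushed = networks(server_conf, "route"), networks(server_conf, "push route")
    for cn, body in ccd_files.items():
        path, flat = ccd_lookup(cn, ccd_dir)
        if not flat:
            findings.append(f"{cn}: CCD lookup resolves to {path}, not a file directly in {ccd_dir}/")
        for net in sorted(networks(body, "iroute")):
            if net not in routed:
                findings.append(f"{cn}: iroute {net} has no matching 'route' in the server config")
            if net not in pushed:
                findings.append(f"{cn}: iroute {net} is not pushed to the other clients")
    return findings

if __name__ == "__main__":
    # First line: the CN form reported in the first post; then the audit findings.
    print(ccd_lookup("joshd/namehere"), *audit(SERVER_CONF, CCD_FILES), sep="\n")
```
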