Common Name (CN) issue
-
Hello, I have run into an issue trying to create site-to-site VPN connections using the cloudron version of openvpn. The issue is because of how you manage the CNs. If my account is joshd, then all my clients will have CNs of joshd/namehere. The forward slash kills the ability to push routes, as it messes with how openvpn accesses the client's iroutes in their ccd.
Using my previous example CN, the ccd should be "namehere", but cloudron's openvpn makes the ccd joshd/namehere, which causes the server to think the config is now nested in a folder that will not exist.
Please stop using "/"s for your CNs. Use a dash or underscore, or anything that is not going to mess with directory traversal.
-
@jkimmerling said in Common Name (CN) issue:
oshd/namehere
Would wrapping in speech-marks fix? E.g. "oshd/namehere".
-
@jkimmerling Thanks for the report. I created https://git.cloudron.io/cloudron/openvpn-app/-/issues/26
-
@jkimmerling said in Common Name (CN) issue:
ccd
What is the ccd?
I do wish I didn't have to keep looking up every obscure acronym encountered.
-
@Hillside502 It stands for --client-config-dir. It's an openvpn feature that lets you add client specific rules (based on the CN name in the VPN certificate).
-
@Hillside502
As girish says, it allows specific rules per client.
The main rule I am needing is the ability to connect 2 LANs on opposite sides of the VPN server.
192.168.1.x (Router A) 10.8.0.2 ----> VPN server <----- 10.8.0.3 (Router B) 192.168.2.x
I need the 192.168.1.x network to be able to talk to the 192.168.2.x networks. This is accomplished by pushing routes and using iroutes defined in a client CCD file.
I can and have done this with a non-cloudron openvpn installation, but it would be nice to have a solution that was much quicker to deploy.
-
@jkimmerling I have pushed an update. Certificate CNs now use underscore. Can you please verify?
-
I have added docs at https://cloudron.io/documentation/apps/openvpn/#custom-client-configuration
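
An added example, not part of the thread and not Cloudron's or OpenVPN's own code: a Python helper that writes the per-client ccd files and the matching server lines for the two-LAN setup described above, and refuses any CN that cannot serve as a single file name inside the client-config-dir. The CNs `joshd_routerA` and `joshd_routerB`, the /24 masks and the CN character policy are assumptions made for the example.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Assumed policy for this example: a CN must work as one file name,
# so no "/" anywhere and no leading dot.
SAFE_CN = re.compile(r"[A-Za-z0-9_@-][A-Za-z0-9_.@-]*")


def ccd_file(ccd_dir: Path, cn: str) -> Path:
    """Return the per-client file for `cn`, refusing names that leave ccd_dir."""
    if not SAFE_CN.fullmatch(cn):
        raise ValueError(f"CN {cn!r} is not usable as a ccd file name")
    path = (ccd_dir / cn).resolve()
    if path.parent != ccd_dir.resolve():  # also catches a symlink planted in ccd_dir
        raise ValueError(f"CN {cn!r} resolves outside {ccd_dir}")
    return path


def net_mask(cidr: str) -> str:
    """'192.168.2.0/24' -> '192.168.2.0 255.255.255.0' (network and netmask)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"


def site_to_site(ccd_dir: Path, sites: dict[str, str]) -> list[str]:
    """Write one ccd file per router CN; return the matching server config lines."""
    server_lines = []
    for cn, lan in sites.items():
        ccd_file(ccd_dir, cn).write_text(f"iroute {net_mask(lan)}\n")
        server_lines.append(f"route {net_mask(lan)}")
        server_lines.append(f'push "route {net_mask(lan)}"')
    return server_lines


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ccd = Path(tmp)
        # Constructed CNs in underscore form; LAN ranges from the diagram above.
        sites = {"joshd_routerA": "192.168.1.0/24", "joshd_routerB": "192.168.2.0/24"}
        for line in site_to_site(ccd, sites):
            print(line)
        try:
            ccd_file(ccd, "joshd/routerA")  # the slash form from the original report
        except ValueError as err:
            print("rejected:", err)
```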