OpenVPN-Client disable CA-KeyUsage checking

tmueko

Explorer
Joined
Jun 5, 2012
Messages
82
Hi, I am trying to connect a TrueNAS-Core to an OPNsense firewall (FreeBSD based).
When I try to set up the client, I can't import the CA generated by OPNsense because of "Root CA must have CRL Sign set for KeyUsage extension."

Is it possible to disable this checking? I can connect to this Firewall with Mac, Windows, Linux and even a TrueNAS/FreeNAS/FreeBSD-Jail...
 

chyczewski

Cadet
Joined
Aug 17, 2013
Messages
1
Any progress on this? I too have a CA that does not have CRL Sign set and need a resolution for the TrueNAS OVPN client.

-- I do appreciate this is mandatory as default, but there should be a way to have some options set for these services.
 

pdavid-muc

Cadet
Joined
Jan 5, 2021
Messages
2
I have the exact same issue. I'm running an OPNsense firewall with multiple VPN connections; for backup purposes I need a VPN connection from the TrueNAS device to the firewall.
 

tmueko

Explorer
Joined
Jun 5, 2012
Messages
82
My solution so far:
Create the client-conf and place it on your pool, let's say

/mnt/<pool01>/.openvpn/openvpn_client.conf

In the WebGUI go to System: Tunables and create three entries of type "rc":

openvpn_client_enable = yes
openvpn_client_configfile = /mnt/<pool01>/.openvpn/openvpn_client.conf
openvpn_client_dir = /mnt/<pool01>/.openvpn

Then reboot or call "/usr/local/etc/rc.d/openvpn_client start".
 

mgoulet65

Explorer
Joined
Jun 15, 2021
Messages
95
Worked for me ... thanks
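
Added example (not part of any post in this thread, and not TrueNAS or OPNsense code): a shell check, using the openssl CLI, for the condition named in the import error quoted in the opening post, i.e. whether a CA certificate's KeyUsage extension includes CRL Sign. The function names and the throwaway demo CAs are constructed for illustration; `-addext` assumes OpenSSL 1.1.1 or later with its default configuration file present.

```shell
#!/bin/sh
# Added example: inspect the KeyUsage extension of a PEM CA certificate.

# ca_key_usage FILE -> prints the KeyUsage value line, empty if the extension is absent.
# 'X509v3 Key Usage' does not match the 'X509v3 Extended Key Usage' header.
ca_key_usage() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//'
}

# check_ca FILE -> 0 if CRL Sign is set, 1 if it is not (or KeyUsage is absent),
# 2 if FILE cannot be parsed as a certificate.
check_ca() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    usage=$(ca_key_usage "$1")
    case "$usage" in
        *"CRL Sign"*) return 0 ;;
        *) echo "$1: KeyUsage is '${usage:-absent}', CRL Sign not set" >&2
           return 1 ;;
    esac
}

# make_ca OUT USAGE -> constructed, throwaway self-signed CA used only for the demo.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days 1 -subj "/CN=constructed demo CA" \
        -addext "keyUsage=critical,$2" 2>/dev/null
}

# Demo on two constructed CAs: one without and one with cRLSign.
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/no_crl.pem" keyCertSign
    make_ca "$dir/with_crl.pem" keyCertSign,cRLSign
    for f in "$dir/no_crl.pem" "$dir/with_crl.pem"; do
        if check_ca "$f"; then
            echo "$(basename "$f"): CRL Sign present"
        else
            echo "$(basename "$f"): CRL Sign missing"
        fi
    done
    rm -rf "$dir"
}
demo
```

To inspect a real CA, export it as PEM and run `check_ca /path/to/ca.pem`.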
 