2 servers with 2 certificates in one config file
Posted: Mon May 03, 2021 9:33 am
Hello,
We have two DrayTek routers, each with an internet connection and each an OVPN server. We do not have our own PKI yet. For the VPN we use the certificates created by the routers. Both are working fine as OVPN servers with their own client configs. The certificates are included in each config file in PEM format.
Our users get 2 ".ovpn" files; they can use both. At the moment, the random feature exists only in the form of which client config the user uses.
My plan is to have only one config file. I tried "remote-random"; it works fine, but only with one set of PEMs, the last one, when both are in the .ovpn file.
It seems that the selected server jumps to the last "CA" entry and uses the ca, cert and key from the last entry. So random is working for the servers. For the certificates, only the last "ca" entry is important. When one server is chosen, the first set of PEM entries is ignored and I get a certificate error; when the other server is chosen, taking the last entry, the VPN connection is established. So the random works for the server, but only the last certificate is used. I read about capath, but in the end it's the same problem I will run into.
Does anyone have an idea how to handle this with one client config file?
Regards, Jens
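A small lint for the situation described in the post, as an added example that is not part of the original post: it lists the `remote` entries in a client config and flags inline `<ca>`, `<cert>` and `<key>` blocks that appear more than once. It assumes, based on the behaviour reported above, that only the last block of each kind takes effect; the hostnames and placeholder block bodies are constructed sample data.

```python
import re

INLINE_TAGS = ("ca", "cert", "key")

def _block(tag, label):
    # Placeholder body; a real file would hold PEM data here.
    return f"<{tag}>\n{label}-{tag}-PLACEHOLDER\n</{tag}>\n"

# Constructed sample: two remotes and two inline credential sets in one file.
SAMPLE_OVPN = (
    "client\nremote vpn-a.example.net 1194\nremote vpn-b.example.net 1194\n"
    "remote-random\n"
    + "".join(_block(t, "ROUTER-A") for t in INLINE_TAGS)
    + "".join(_block(t, "ROUTER-B") for t in INLINE_TAGS)
)

def audit_ovpn(text):
    """Return remotes, repeated inline credential blocks, and any unclosed tag."""
    remotes, blocks, open_tag, start = [], {}, None, 0
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if open_tag:
            # Inside an inline block: skip its body until the closing tag.
            if s == f"</{open_tag}>":
                blocks.setdefault(open_tag, []).append((start, n))
                open_tag = None
            continue
        if not s or s[0] in "#;" or s in ("<connection>", "</connection>"):
            continue  # comments, blanks; <connection> bodies are plain directives
        m = re.fullmatch(r"<([a-z0-9-]+)>", s)
        if m:
            open_tag, start = m.group(1), n
        elif s.split()[0] == "remote" and len(s.split()) > 1:
            remotes.append(s.split()[1])
    duplicated = {t: spans for t, spans in blocks.items()
                  if t in INLINE_TAGS and len(spans) > 1}
    return {"remotes": remotes, "duplicated": duplicated, "unclosed": open_tag}

if __name__ == "__main__":
    report = audit_ovpn(SAMPLE_OVPN)
    print("remotes:", ", ".join(report["remotes"]))
    for tag, spans in report["duplicated"].items():
        *ignored, used = spans
        print(f"<{tag}> appears {len(spans)} times; lines {used[0]}-{used[1]} "
              f"take effect, earlier blocks at {ignored} do not (assumed)")
```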