Hi,
By default, on my 2.8.3 AS server, sacli generates client install packages at 2.7. Is there any way to have it bundle using the V3 client?
Thanks
Using sacli to generate V3 client install packages?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Apr 22, 2020 10:20 am
-
- OpenVPN User
- Posts: 46
- Joined: Fri Jun 10, 2011 12:03 am
Re: Using sacli to generate V3 client install packages?
I'd like to know the answer to this too.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed May 20, 2020 3:15 pm
Re: Using sacli to generate V3 client install packages?
I would also love to know this please.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Apr 22, 2020 10:20 am
Re: Using sacli to generate V3 client install packages?
Well I have carried out the necessary updates to get the server to 2.85 andthe server now offers clients which are V3 when downloaded. Trouble is (and I have a support ticket open for this too) they are supposed to be user locked bundles when downloaded, but they are not. The problem is that users will login, then be expected to download and install the client, THEN also download the ovpn file and import it. I dont know about your users, but this might prove to be a stretch for mine (I love them all dearly incidentally).
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Using sacli to generate V3 client install packages?
Hello zwavoo, luckman212, and fizpop,
This page already tells you how to generate v2 and v3 clients with bundled profiles using the command line:
https://openvpn.net/vpn-server-resource ... nstallers/
And when you download OpenVPN Connect v2 or v3 from the Access Server web interface as a user that does not have autologin privileges, you will get a client installer file that comes bundled with the server-locked profile. That profile will already be present right after installation. You use that to login, and underwater it actually uses a userlocked profile and connects with that. It drops it when you disconnect. Serverlocked profiles allow any valid user on your Access Server to login, instead of being locked to just the one specific user account.
If you really need a userlocked profile, then you can of course import that using the import from URL/server option in the v2 or v3 clients, or you can download a userlocked profile from the web interface of the Access Server and import that using import from file, or you can use the sacli command line tool to generate installer files that come with a specific user's userlocked profile.
At the moment there is no option to force the web interface of Access Server to generate OpenVPN Connect v2 or v3 installers that have a userlocked profile in them. Refinement to this will be implemented in later releases of Access Server and such an option will eventually become available. But it isn't there now.
This page already tells you how to generate v2 and v3 clients with bundled profiles using the command line:
https://openvpn.net/vpn-server-resource ... nstallers/
And when you download OpenVPN Connect v2 or v3 from the Access Server web interface as a user that does not have autologin privileges, you will get a client installer file that comes bundled with the server-locked profile. That profile will already be present right after installation. You use that to login, and underwater it actually uses a userlocked profile and connects with that. It drops it when you disconnect. Serverlocked profiles allow any valid user on your Access Server to login, instead of being locked to just the one specific user account.
If you really need a userlocked profile, then you can of course import that using the import from URL/server option in the v2 or v3 clients, or you can download a userlocked profile from the web interface of the Access Server and import that using import from file, or you can use the sacli command line tool to generate installer files that come with a specific user's userlocked profile.
At the moment there is no option to force the web interface of Access Server to generate OpenVPN Connect v2 or v3 installers that have a userlocked profile in them. Refinement to this will be implemented in later releases of Access Server and such an option will eventually become available. But it isn't there now.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.