OpenVPN client specific overrides - cn/username problem



  • Hi,

    Can someone explain why username-as-common-name is used?

    I've got two client specific overrides for my username mvrk, mvrk_home and mvrk_phone.

    On my linux openvpn service, i don't have the option username-as-common-name and i can login with username mvrk without problems using certificate mvrk_home or mvrk_phone.

    I'm moving my openvpn server to pfsense but after i login with mvrk it fails to push the client specific overrides because theres is no ccd mvrk.

    Is there any way to remove the option username-as-common-name?


  • Rebel Alliance Developer Netgate

    We use it because in cases when there are no certificates, it's needed to make sure overrides work.

    And usually people want that effect, since sometimes people have setups that share certs but use different usernames (not my ideal preference, but I've seen people do it e.g. with shared laptops)

    There isn't a way to disable it currently, but it could maybe happen in a future version.



  • Ok, would be great to have that in the future.

    In my case i use different certificates but same username (ldap user) but i want to give different options for each connection, for example: home pc - one IP / latop - other IP and different routes, etc…