OpenVPN Client Export and verify-x509-name vs tls-remote


  • Rebel Alliance Developer Netgate

    I updated the OpenVPN Client Export package (now 1.2.1) and changed how the server CN verification works. It should be fairly automatic and self-explanatory but here's a bit of info:

    • At the default, it will use verify-x509-name and quote the server CN, since I couldn't find any OpenVPN 2.3 client that rejected the quoted server CN.
    • You can force it to use tls-remote, with or without quoting the server CN since some clients break with/without that.
    • You can now also choose to disable server CN verification

    I hope that clears up any of the recent mess.


  • Rebel Alliance Developer Netgate

    Missed a file in the last commit, it's 1.2.2 now, should be OK to try.