4. OpenVPN Client Export and verify-x509-name vs tls-remote

OpenVPN Client Export and verify-x509-name vs tls-remote

  • Rebel Alliance Developer Netgate

    I updated the OpenVPN Client Export package (now 1.2.1) and changed how the server CN verification works. It should be fairly automatic and self-explanatory but here's a bit of info:

    • At the default, it will use verify-x509-name and quote the server CN, since I couldn't find any OpenVPN 2.3 client that rejected the quoted server CN.
    • You can force it to use tls-remote, with or without quoting the server CN since some clients break with/without that.
    • You can now also choose to disable server CN verification

    I hope that clears up any of the recent mess.

    0
  • Rebel Alliance Developer Netgate

    Missed a file in the last commit, it's 1.2.2 now, should be OK to try.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy