Feature #3318
closed
Ability to disable "verify-x509-name"
100%
Description
This option is not available in most clients. Would be better to have it disabled (by default) in the export GUI.
Regards
Files
Updated by Jim Pingle about 11 years ago
Any OpenVPN 2.3-based client will work, which is most of them now. Or it should be.
Aside from older Phones (e.g. Yealink/Snom) and maybe DD-WRT firmwares, clients should be running 2.3-based in most cases. The tls-remote option has been deprecated by OpenVPN so the correct fix is to update your client where possible. The phones should already have this option excluded from their config in the latest client export package version.
It works OK on Android, iOS, Tunnelblick (make sure to set your profile to use OpenVPN 2.3.x), Viscosity, Windows, etc.
I can look into adding this as a choice, but it may be a few days.
Updated by Todor K about 11 years ago
It's OpenWRT and DD-WRT yes. Some LTS linux distributions are also working on 2.2.
Updated by Jim Pingle about 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset commit:1a533cc04b825769bf2c8a83f574894132fe9ba4.
Updated by Jim Pingle about 11 years ago
Did you actually choose the option to use tls-remote when exporting after updating the package? "auto" will only use verify-x509-name except in a few other cases, you'll have to manually pick the choice for tls-remote.
If it still doesn't work properly and you chose the correct export option, start a forum thread to discuss rather than debugging here on the ticket.
Updated by Todor K about 11 years ago
Updated by Jim Pingle about 11 years ago
FYI- a file apparently didn't get into my final commit, but it's there now.
Updated by Chris Buechler over 10 years ago
- Status changed from Feedback to Resolved