Feature #3318
closed
Ability to disable "verify-x509-name"
Added by Todor K about 11 years ago.
Updated over 10 years ago.
Description
This option is not available in most clients. Would be better to have it disabled (by default) in the export GUI.
Regards
Files
Talking about Openvpn export.
Any OpenVPN 2.3-based client will work, which is most of them now. Or it should be.
Aside from older Phones (e.g. Yealink/Snom) and maybe DD-WRT firmwares, clients should be running 2.3-based in most cases. The tls-remote option has been deprecated by OpenVPN so the correct fix is to update your client where possible. The phones should already have this option excluded from their config in the latest client export package version.
It works OK on Android, iOS, Tunnelblick (make sure to set your profile to use OpenVPN 2.3.x), Viscosity, Windows, etc.
I can look into adding this as a choice, but it may be a few days.
It's OpenWRT and DD-WRT yes. Some LTS linux distributions are also working on 2.2.
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset commit:1a533cc04b825769bf2c8a83f574894132fe9ba4.
Did you actually choose the option to use tls-remote when exporting after updating the package? "auto" will only use verify-x509-name except in a few other cases, you'll have to manually pick the choice for tls-remote.
If it still doesn't work properly and you chose the correct export option, start a forum thread to discuss rather than debugging here on the ticket.
FYI- a file apparently didn't get into my final commit, but it's there now.
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 