When setting an OpenVPN client with a name using the command:
set interfaces openvpn vtun0 server client "John Smith" ip 10.190.1.1
The config is set correctly, but the resulting user file in /opt/vyatta/etc/openvpn/ccd/vtun0/ is not created correctly. With the above command a file with the name John is created in /opt/vyatta/etc/openvpn/ccd/vtun0/ while a file named Smith is created in /home/vyos.

In OpenVPN 2.3 and above, client names no longer use the underscore to replace spaces or other special characters; it expects a file whose name includes the spaces and other special characters to be created for each user, matching their client certificate CN. So a file named "John Smith" must be created in /opt/vyatta/etc/openvpn/ccd/vtun0/. This issue prevents any user whose name has spaces from being able to log in to OpenVPN when the reject-unconfigured-clients option is set, as the name doesn't match.

Since VyOS 1.2 is using OpenVPN 2.4, there is a temporary workaround: use openvpn-option --compat-names to force the old naming convention of underscore instead of space. However, --compat-names is deprecated and removed from OpenVPN 2.5. Below is the configuration causing the problem.
vyos@vyos# show interfaces openvpn
 openvpn vtun0 {
     description OpenVPN
     firewall {
         in {
         }
     }
     local-host 10.200.3.55
     mode server
     openvpn-option --float
     openvpn-option --compat-names
     protocol tcp-passive
     server {
         client "John Smith" {
             ip 10.190.1.1
         }
         name-server 10.111.111.111
         reject-unconfigured-clients
         subnet 10.190.0.0/16
     }
     tls {
         ca-cert-file /config/auth/ca.crt
         cert-file /config/auth/vpnserver2015.crt
         crl-file /config/auth/crl.pem
         dh-file /config/auth/dh2048.pem
         key-file /config/auth/vpnserver2015.key
     }
 }
[edit]
vyos@vyos# ls /opt/vyatta/etc/openvpn/ccd/vtun0/
John
[edit]
vyos@vyos# ls
Smith
[edit]
vyos@vyos#
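
The symptom above (John in the CCD directory, Smith in the working directory) is consistent with shell word splitting on an unquoted file path. As an added example, not VyOS code and not part of the original report, the script below reproduces that split in scratch directories and shows the quoted form next to it; the function names, the temporary directories and the ifconfig-push line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not VyOS code. Assumption: the CCD path reaches a shell
# unquoted. All directories are temporary stand-ins for the real ones.

# Buggy form: unquoted expansion, so "John Smith" becomes two arguments.
create_ccd_unquoted() {   # args: ccd_dir client_name
    # shellcheck disable=SC2086
    touch $1/$2
}

# Fixed form: quoted expansion keeps the name as one path component.
# The ifconfig-push body is a constructed sample line.
create_ccd_quoted() {     # args: ccd_dir client_name ip netmask
    printf 'ifconfig-push %s %s\n' "$3" "$4" > "$1/$2"
}

# The lookup that matters with reject-unconfigured-clients: a regular
# file whose name equals the certificate CN, byte for byte.
ccd_matches_cn() {        # args: ccd_dir cn
    [ -f "$1/$2" ]
}

# Runs both forms in scratch directories and prints what each leaves behind.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/ccd_bad" "$work/ccd_good" "$work/home"
    ( cd "$work/home" && create_ccd_unquoted "$work/ccd_bad" "John Smith" )
    create_ccd_quoted "$work/ccd_good" "John Smith" 10.190.1.1 255.255.0.0
    echo "unquoted ccd: $(ls "$work/ccd_bad")  cwd: $(ls "$work/home")"
    echo "quoted ccd:   $(ls "$work/ccd_good")"
    ccd_matches_cn "$work/ccd_bad" "John Smith"  || echo "unquoted: no CCD match"
    ccd_matches_cn "$work/ccd_good" "John Smith" && echo "quoted: CCD match"
    rm -rf "$work"
}
demo
```

The same exact-name check can be run against the real CCD directory after a commit to confirm that every configured client name has a matching file before reject-unconfigured-clients is relied on.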