
OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping
Open, Requires assessment | Public | BUG

Description

In VyOS 1.3 the --compat-names option was added due to T1512; however, this breaks strict OpenVPN server validation checks such as --verify-x509-name.

It would be nice if OpenVPN did not use deprecated settings at all.

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.3-rolling-202002190654
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Stricter validation

Event Timeline

yun created this task. Mon, Mar 9, 10:23 AM
jjakob added a subscriber: jjakob. Wed, Mar 25, 4:18 PM

We could make compat-names a configurable option that defaults to disabled, e.g. "set interfaces openvpn vtunX tls compat-names {no-remapping}"

pasik added a subscriber: pasik. Wed, Mar 25, 7:10 PM
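
A lint check for the conflict named in the task title, as an added example that is not part of the task or of VyOS's own code: it scans an OpenVPN configuration for verify-x509-name alongside compat-names or no-name-remapping. The function names and the sample configuration are constructed for illustration.

```python
import shlex

# Options OpenVPN refuses to combine with verify-x509-name (see the task title).
LEGACY_NAME_OPTS = {"compat-names", "no-name-remapping"}

# Constructed sample config, not a file generated by VyOS.
SAMPLE = """\
dev vtun0
compat-names            # legacy X.509 name formatting
verify-x509-name "vpn.example.net" name
<ca>
(constructed placeholder, not real PEM data)
</ca>
"""

def directives(config_text):
    """Yield (line_no, name, args) for each directive in an OpenVPN config."""
    inline_tag = None
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if inline_tag:  # inside <tag> ... </tag>: embedded file data, not directives
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_tag = line[1:-1]
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: fall back to plain splitting
            words = line.split()
        if words:
            # Accept "compat-names" as well as the CLI spelling "--compat-names".
            yield line_no, words[0].lstrip("-"), words[1:]

def find_conflicts(config_text):
    """Return one message per legacy option present alongside verify-x509-name."""
    seen = {}
    for line_no, name, _args in directives(config_text):
        seen.setdefault(name, line_no)
    if "verify-x509-name" not in seen:
        return []
    return [f"line {seen[opt]}: {opt} cannot be used with verify-x509-name "
            f"(line {seen['verify-x509-name']})"
            for opt in sorted(LEGACY_NAME_OPTS.intersection(seen))]

if __name__ == "__main__":
    print("\n".join(find_conflicts(SAMPLE)) or "no conflict")
```

Running a check like this over a generated configuration before the daemon is started reports the conflicting lines rather than leaving the failure to surface as an OpenVPN options error at startup.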