Page MenuHomeVyOS Platform

OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping
Open, Requires assessmentPublicBUG


In VyOS 1.3 the --compat-names was added due to T1512, however this breaks strict openvpn server validation checks such as --verify-x509-name.

It would be nice if openvpn did not use deprecated settings at all.


Difficulty level
Unknown (require assessment)
VyOS 1.3-rolling-202002190654
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Stricter validation

Event Timeline

yun created this task.Mar 9 2020, 10:23 AM
jjakob added a subscriber: jjakob.Mar 25 2020, 4:18 PM

We could make compat-names a configurable option that defaults to disabled, e.g. "set interfaces openvpn vtunX tls compat-names {no-remapping}"

pasik added a subscriber: pasik.Mar 25 2020, 7:10 PM