OpenVPN Options error: you cannot use --verify-x509-name with --compat-names or --no-name-remapping
Open, Requires assessment | Public | BUG

Description

In VyOS 1.3, --compat-names was added due to T1512; however, this breaks strict OpenVPN server validation checks such as --verify-x509-name.

It would be nice if OpenVPN did not use deprecated settings at all.

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.3-rolling-202002190654
Why the issue appeared? Will be filled on close
Is it a breaking change? Stricter validation
Issue type: Bug (incorrect behavior)
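A pre-flight check for the conflict reported above, as an added example that is not part of the original task or of VyOS's code: it scans OpenVPN config text and reports any compat-names or no-name-remapping directive that appears alongside verify-x509-name. The function names and the sample config are constructed for illustration.

```python
import shlex

# The two options the OpenVPN error message names as incompatible
# with verify-x509-name.
LEGACY_NAME_OPTS = {"compat-names", "no-name-remapping"}

def parse_directives(text):
    """Yield (line_number, option, args) for each directive in config text."""
    closing_tag = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if closing_tag:                      # inside an inline <ca>...</ca> style block
            if line == closing_tag:
                closing_tag = None
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line[0] == "<" and line[-1] == ">" and not line.startswith("</"):
            closing_tag = "</" + line[1:]    # skip embedded key/cert material
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:                   # unbalanced quote: fall back to plain split
            tokens = line.split()
        if tokens:
            # Config files accept options with or without the leading "--".
            yield lineno, tokens[0].lstrip("-"), tokens[1:]

def x509_name_conflicts(text):
    """Return [(line, option)] for legacy name options that clash with verify-x509-name."""
    directives = list(parse_directives(text))
    if not any(opt == "verify-x509-name" for _, opt, _ in directives):
        return []
    return [(n, opt) for n, opt, _ in directives if opt in LEGACY_NAME_OPTS]

# Constructed sample config (not generated by VyOS).
SAMPLE = """\
client
dev vtun0
remote vpn.example.com 1194
compat-names
verify-x509-name "vpn.example.com" name
"""

if __name__ == "__main__":
    for lineno, opt in x509_name_conflicts(SAMPLE):
        print(f"line {lineno}: '{opt}' cannot be combined with verify-x509-name")
```

Running such a check before restarting the tunnel surfaces the conflict as a config finding rather than as an OpenVPN startup failure.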

Event Timeline

We could make compat-names a configurable option that defaults to disabled, e.g. "set interfaces openvpn vtunX tls compat-names {no-remapping}".

erkin set Issue type to Bug (incorrect behavior). Aug 31 2021, 5:22 PM