Update openvpn configuration to allow the UNLIMITED 'name-prefix'.

If clients connect with, for example, 'CN=UNLIMITED4rlkwpr0kitv5umpy34m933ko' they should be allowed to verify the same as if they connect with 'CN=UNLIMITED'.
author: Micah Anderson <micah@riseup.net> 2022-06-08 15:17:59 -0400
committer: Micah Anderson <micah@riseup.net> 2022-06-08 15:17:59 -0400
commit: 0497c342b901941a0bf6fbc0a87ce607ff34ac60 (patch)
tree: 5886f9e2386d0a22fad1f6a0f5cd045bd0797a01
parent: cdf8b0d8260a78558c8cdf979c89234bbeb813ff (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/config/roles/openvpn/templates/tcp.conf.j2 b/config/roles/openvpn/templates/tcp.conf.j2
index efa923b..958c612 100644
--- a/config/roles/openvpn/templates/tcp.conf.j2
+++ b/config/roles/openvpn/templates/tcp.conf.j2
@@ -29,6 +29,6 @@ server {{ openvpn_tcp_network | ipv4('network') }} {{ openvpn_tcp_network | ipv4
 status /tmp/openvpn-status-tcp 10
 status-version 3
 tcp-nodelay
-verify-x509-name "CN=UNLIMITED"
+verify-x509-name UNLIMITED name-prefix
 topology subnet
 verb 3
diff --git a/config/roles/openvpn/templates/udp.conf.j2 b/config/roles/openvpn/templates/udp.conf.j2
index 673c0c8..3da2231 100644
--- a/config/roles/openvpn/templates/udp.conf.j2
+++ b/config/roles/openvpn/templates/udp.conf.j2
@@ -29,6 +29,6 @@ server {{ openvpn_udp_network | ipv4('network') }} {{ openvpn_udp_network | ipv4
 status /tmp/openvpn-status-udp 10
 status-version 3
 tcp-nodelay
-verify-x509-name "CN=UNLIMITED"
+verify-x509-name UNLIMITED name-prefix
 topology subnet
 verb 3
author	Micah Anderson <micah@riseup.net>	2022-06-08 15:17:59 -0400
committer	Micah Anderson <micah@riseup.net>	2022-06-08 15:17:59 -0400
commit	0497c342b901941a0bf6fbc0a87ce607ff34ac60 (patch)
tree	5886f9e2386d0a22fad1f6a0f5cd045bd0797a01
parent	cdf8b0d8260a78558c8cdf979c89234bbeb813ff (diff)