diff options
author | Micah Anderson <micah@riseup.net> | 2022-06-08 15:17:59 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2022-06-08 15:17:59 -0400 |
commit | 0497c342b901941a0bf6fbc0a87ce607ff34ac60 (patch) | |
tree | 5886f9e2386d0a22fad1f6a0f5cd045bd0797a01 | |
parent | cdf8b0d8260a78558c8cdf979c89234bbeb813ff (diff) |
Update openvpn configuration to allow the UNLIMITED 'name-prefix'.
If clients connect with, for example, 'CN=UNLIMITED4rlkwpr0kitv5umpy34m933ko' they
should be allowed to verify the same as if they connect with 'CN=UNLIMITED'.
-rw-r--r-- | config/roles/openvpn/templates/tcp.conf.j2 | 2 | ||||
-rw-r--r-- | config/roles/openvpn/templates/udp.conf.j2 | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/config/roles/openvpn/templates/tcp.conf.j2 b/config/roles/openvpn/templates/tcp.conf.j2 index efa923b..958c612 100644 --- a/config/roles/openvpn/templates/tcp.conf.j2 +++ b/config/roles/openvpn/templates/tcp.conf.j2 @@ -29,6 +29,6 @@ server {{ openvpn_tcp_network | ipv4('network') }} {{ openvpn_tcp_network | ipv4 status /tmp/openvpn-status-tcp 10 status-version 3 tcp-nodelay -verify-x509-name "CN=UNLIMITED" +verify-x509-name UNLIMITED name-prefix topology subnet verb 3 diff --git a/config/roles/openvpn/templates/udp.conf.j2 b/config/roles/openvpn/templates/udp.conf.j2 index 673c0c8..3da2231 100644 --- a/config/roles/openvpn/templates/udp.conf.j2 +++ b/config/roles/openvpn/templates/udp.conf.j2 @@ -29,6 +29,6 @@ server {{ openvpn_udp_network | ipv4('network') }} {{ openvpn_udp_network | ipv4 status /tmp/openvpn-status-udp 10 status-version 3 tcp-nodelay -verify-x509-name "CN=UNLIMITED" +verify-x509-name UNLIMITED name-prefix topology subnet verb 3 |