In VyOS 1.3 the --compat-names was added due to T1512, however this breaks strict openvpn server validation checks such as --verify-x509-name.
It would be nice if openvpn did not use deprecated settings at all.
In VyOS 1.3 the --compat-names was added due to T1512, however this breaks strict openvpn server validation checks such as --verify-x509-name.
It would be nice if openvpn did not use deprecated settings at all.
We could make compat-names a configurable option that defaults to disabled, e.g. "set interfaces openvpn vtunX tls compat-names {no-remapping}"
Compat names were dropped in https://github.com/vyos/vyos-1x/commit/c8ef5e8bdce01bbf05297df39e6c6223d0b2a2ea