|
|
Hi I use the tls-remote directive on my clients. The man pages say *--tls-remote name* Accept connections only from a host with X509 name or common name equal to *name now here is the subbject line of the server certificate Subject: C=CH, L=Schlieren, O=Ruf Telematik, CN=openvpn@xxxxxxxxxxxxxxx/emailAddress=openvpn@xxxxxxxxxxxxxxx and this is the client.conf entry tls-remote openvpn@xxxxxxxxxxxxxxx/emailAddress=openvpn@xxxxxxxxxxxxxxx here is the logged error Tue Apr 05 14:44:37 2005 VERIFY OK: depth=1, /C=CH/L=Schlieren/O=Ruf_Telematik/OU=ASP/CN=AspCA/emailAddress=ca@xxxxxxxxxx Tue Apr 05 14:44:37 2005 VERIFY X509NAME ERROR: /C=CH/L=Schlieren/O=Ruf_Telematik/CN=openvpn@xxxxxxxxxxxxxxx/emailAddress=openvpn@xxxxxxxxxxxxxxx, must be openvpn@xxxxxxxxxxxxxxx/emailAddress=openvpn@xxxxxxxxxxxxxxx It appears as if the CN is not recognized, it tries to use the complete subject for a comparison BTW, this is Windoze GUI latest vs. OpenVPN 2.0rc18 cheers Erich * ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |