From 03d4c6e46aceee78b62ad8bec0590a6a4f6df89c Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 11 Nov 2013 08:45:53 -0500 Subject: Disable "verify-x509-name" in some cases. It can cause problems with auth-only setups, and also with Yealink/Snom phones since they are stuck on an older OpenVPN version that does not support this feature. --- config/openvpn-client-export/openvpn-client-export.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'config/openvpn-client-export/openvpn-client-export.inc') diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index c7afb9e6..cf7eb7a4 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -209,7 +209,9 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $quotese if (($expformat != "inlinedroid") && ($expformat != "inlineios")) $conf .= "resolv-retry infinite{$nl}"; $conf .= "$remotes{$nl}"; - if (!empty($servercn)) { + /* This line can cause problems with auth-only setups and also with Yealink/Snom phones + since they are stuck on an older OpenVPN version that does not support this feature. */ + if (!empty($servercn) && !$nokeys && (substr($expformat, 0, 7) != "yealink") && ($expformat != "snom")) { $qw = ($quoteservercn) ? "\"" : ""; $conf .= "verify-x509-name {$qw}{$servercn}{$qw} name{$nl}"; } -- cgit v1.2.3