hostname does not match certificate CN no longer working

Post by mephmanx » Thu Jun 23, 2022 3:17 am

All,

For about a year I have had an OpenVPN server (via PFSense) that used a certificate with a CN of *.cloud.local for the server cert, yet developers accessed the VPN through a dyndns.com DNS name and things worked great. Recently (a few weeks maybe... haven't been able to pin down what might have changed) it no longer does. I now need to create a certificate for the OpenVPN server with a CN of the dyndns.com hostname.

Many would say "of course, that's the answer!" but the previous behavior was much more advantageous to my infra needs, as the way this infra is designed it does not need to know anything about external setup and there is no configuration to be done for setup by users. Basically, the system comes on a thumb drive, you plug it in and it builds an entire cloud for you. The problem is that the installer would never know that you use dyndns.com for your VPN access host.

Basically I'm trying to ask if anyone knows why this might have changed recently and if I could get the old behavior back where, no matter what host the VPN is accessed through, it does not check and does not matter. I have a feeling that was a bug, not a feature, though. If there is a switch somewhere I could set to enable that deprecated behavior, I would love to know which switch to set. I am trying to prevent all admin access to the PFSense console to change which certificate is used by the OpenVPN server. I am basically trying to externalize all of this configuration onto other devices.
