
Verify-x509-name

Posted: Mon Jun 29, 2015 6:37 pm
by Xyrr
Hi guys,

I'm new at using OpenVPN and I have run into an issue. I use my DDWRT router to host an OpenVPN server, and a OnePlus One running Android 4.4.2 and OpenVPN Connect 1.1.16 to connect to it. It's all working fine, TLS authentication included. Now, I read through some tutorials to make OpenVPN more secure and found some information regarding the "verify-x509-name" command to tighten security a little more. I am using the following line in the client profile on my Android smartphone:

verify-x509-name elephant name

Now, elephant is not the CN of my OpenVPN server and it still connects anyway. It doesn't matter what I enter there; it's as if the line is just ignored. I've also tried adding quotes around the name and tried some other variants where the entire subject is checked, but to no avail. I searched on the internet to see if there is anything to be done server-side to make the verify-x509-name command work but didn't find anything of the sort. I suspect that the problem has something to do with the Android client, so I thought I'd ask here.

So my question is: does the OpenVPN Connect client support this command? If so, what am I doing wrong?

Thanks!
Xyrr

Re: Verify-x509-name

Posted: Tue Jun 30, 2015 10:07 am
by Traffic
Using standard OpenVPN and --verify-x509-name (bad.name name, i.e. a deliberately incorrect name) I get this error:

VERIFY X509NAME ERROR: CN=real.name, must be bad.name

If this does not work for your Android smartphone then I would imagine either you have set it up incorrectly or OpenVPN for Android does not support this option ...

Please post your client log at verb 4.

Re: Verify-x509-name

Posted: Tue Jun 30, 2015 1:42 pm
by Xyrr
Thanks for your reply. Unfortunately OpenVPN Connect for Android doesn't seem to have a log export function, nor is the log saved to a file, so I had to take screenshots. The first one seems to have pretty much all the information needed. Nowhere other than in this first piece of the log is verify-x509-name mentioned.


I'm assuming that, because the verify-x509-name option is unused, the Android client doesn't support it?

Re: Verify-x509-name

Posted: Tue Jun 30, 2015 6:05 pm
by Xyrr
I made a reply before but it seems to have disappeared, so I'll try again. First of all, thanks for your reply. Unfortunately, OpenVPN Connect for Android doesn't seem to have a log copy/paste or export function, so I had to take screenshots. There's no mention of anything related to verify-x509-name except for the first part of the log, showing it as unused.


The complete log can be seen here: http://i.imgur.com/JksawO8.jpg

I'm assuming that because it is shown as an unused option, verify-x509-name is not supported in the Android client? Or am I doing something wrong?

Re: Verify-x509-name

Posted: Thu Jul 02, 2015 10:36 am
by Traffic
It does look like --verify-x509-name is not supported on the Android smartphone ...

You could try asking in the #openvpn-as IRC channel on freenode, I expect you will get an authoritative answer there.
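The following is an added illustration, not code from the thread or from OpenVPN itself: a small Python model of what the --verify-x509-name check does in its three documented modes (name, name-prefix, subject), producing failure messages in the same shape as the "VERIFY X509NAME ERROR: CN=real.name, must be bad.name" line Traffic quoted. The subject strings follow the "C=KG, ST=NA, CN=Server-1" layout OpenVPN uses, and the toy parser assumes attribute values contain no commas; the function names and the sample subjects are constructed for this example. The last function shows why a silently ignored option matters: CA validation alone accepts any certificate the CA has issued, while the name check narrows acceptance to the one certificate named.

```python
# Added example (not OpenVPN's code): a model of the --verify-x509-name check.
# Subject DNs use OpenVPN's "C=KG, ST=NA, CN=Server-1" layout; the parser
# assumes no commas inside attribute values (an assumption for this example).

def parse_subject(dn):
    """Split an OpenVPN-style subject DN into an ordered list of (attr, value)."""
    parts = []
    for rdn in dn.split(", "):
        attr, _, value = rdn.partition("=")
        parts.append((attr.strip(), value.strip()))
    return parts


def common_name(dn):
    """Return the CN attribute of a subject DN, or None if it has none."""
    for attr, value in parse_subject(dn):
        if attr == "CN":
            return value
    return None


def verify_x509_name(peer_subject, expected, mode="name"):
    """Model of the check. Returns (accepted, message).

    mode == "name":        the peer's CN must equal `expected` exactly
    mode == "name-prefix": the peer's CN must start with `expected`
    mode == "subject":     the whole subject DN must equal `expected`
    The failure message follows the form of the log line quoted in the thread.
    """
    if mode == "subject":
        ok = peer_subject == expected
        what = peer_subject
    elif mode in ("name", "name-prefix"):
        cn = common_name(peer_subject)
        if cn is None:
            return False, "VERIFY X509NAME ERROR: peer certificate has no CN"
        ok = cn == expected if mode == "name" else cn.startswith(expected)
        what = "CN=" + cn
    else:
        raise ValueError("unknown verify-x509-name mode: %s" % mode)
    if ok:
        return True, "VERIFY X509NAME OK: %s" % what
    return False, "VERIFY X509NAME ERROR: %s, must be %s" % (what, expected)


def accept_server(peer_subject, signed_by_trusted_ca, expected=None, mode="name"):
    """Decision a client makes about the server certificate it was handed.

    With a CA that has issued more than one certificate, CA validation alone
    accepts any of them; the name check narrows it to the one named.
    `expected=None` models a client on which the option is silently unused,
    which is the situation described in the thread.
    """
    if not signed_by_trusted_ca:
        return False
    if expected is None:
        return True  # option ignored: every CA-signed certificate is accepted
    return verify_x509_name(peer_subject, expected, mode)[0]


if __name__ == "__main__":
    # Constructed sample: a certificate issued by the same CA to another client.
    other = "C=NL, CN=client-7"
    print(verify_x509_name(other, "elephant", "name")[1])
    print("ignored option accepts it:", accept_server(other, True))
    print("enforced option rejects it:", accept_server(other, True, "elephant"))
```

Run it as a script to see the rejection message for the wrong name, then the difference between the option being ignored and being enforced for the same CA-signed certificate.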