OpenVPN: Add support for verify-x509-name options by laozhoubuluo · Pull Request #8603 · opnsense/core · GitHub

OpenVPN: Add support for verify-x509-name options #8603


Open: laozhoubuluo wants to merge 2 commits into base: master

Conversation

@laozhoubuluo laozhoubuluo commented May 6, 2025

Add support for verify-x509-name to improve security in some scenarios (especially point-to-point scenarios).

Add support for sndbuf/rcvbuf to optimize the performance of OpenVPN in different scenarios. Remove sndbuf/rcvbuf options due to no obvious effect.
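
What the option changes for a point-to-point tunnel, as an added example that is not part of this pull request or of OpenVPN's code: a simplified Python model of the documented `subject`, `name` and `name-prefix` match types of `verify-x509-name`. The peer names and the subject string layout are constructed assumptions.

```python
# Simplified model of OpenVPN's verify-x509-name check on the peer certificate.
# All certificate names below are constructed sample values.

def common_name(subject_dn: str) -> str:
    """Extract the CN from a subject string such as 'C=NL, O=Example, CN=vpn-site-b'."""
    for rdn in subject_dn.split(", "):
        key, _, value = rdn.partition("=")
        if key == "CN":
            return value
    return ""

def verify_x509_name(subject_dn: str, expected: str, match_type: str = "subject") -> bool:
    """Return True if the peer passes `verify-x509-name <expected> <match_type>`."""
    cn = common_name(subject_dn)
    if match_type == "subject":        # whole subject DN must be identical
        return subject_dn == expected
    if match_type == "name":           # CN must be identical
        return cn == expected
    if match_type == "name-prefix":    # CN only has to start with the given prefix
        return cn.startswith(expected)
    raise ValueError(f"unknown verify-x509-name type: {match_type}")

# Constructed peers, all assumed to chain to the same CA the tunnel trusts.
PEERS = {
    "intended": "C=NL, O=Example, CN=vpn-site-b",
    "other_same_ca": "C=NL, O=Example, CN=laptop-042",
    "similar_name": "C=NL, O=Example, CN=vpn-site-b-test",
}

def accepted(expected: str, match_type: str) -> list[str]:
    """Names of the constructed peers that a given setting would accept."""
    return [k for k, dn in PEERS.items() if verify_x509_name(dn, expected, match_type)]

if __name__ == "__main__":
    # With only the CA check (no verify-x509-name), every peer above is accepted.
    print("CA check only:", list(PEERS))
    print("name         :", accepted("vpn-site-b", "name"))
    print("name-prefix  :", accepted("vpn-site-b", "name-prefix"))
    print("subject      :", accepted("C=NL, O=Example, CN=vpn-site-b", "subject"))
```

For a single known peer, `name` or `subject` pins the tunnel to that one certificate; `name-prefix` also accepts any other certificate from the same CA whose CN begins with the configured string.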

@AdSchellevis
Member

we looked at sndbuf and rcvbuf before, but they didn't look very useful at the time, see also #6703.

net.inet.tcp.sendspace and net.inet.tcp.recvspace, net.inet.udp.recvspace should show the current defaults if I'm not mistaken.

@laozhoubuluo
Author

> we looked at sndbuf and rcvbuf before, but they didn't look very useful at the time, see also #6703.
>
> net.inet.tcp.sendspace and net.inet.tcp.recvspace, net.inet.udp.recvspace should show the current defaults if I'm not mistaken.

sndbuf and rcvbuf are just inherited from the original configuration habits. I am not sure if there will be any other side effects if they are changed at the operating system level.
In addition, the logic of empty = system default value is valid. The existing framework does not seem to be very convenient for real-time reading of operating system values.

@AdSchellevis
Member

while converting configurations, it's often also a good idea to reassess habits I suppose. During our testing, these values didn't turn out to be very relevant compared to the defaults.

@laozhoubuluo changed the title from "OpenVPN: Add support for verify-x509-name/sndbuf/rcvbuf options" to "OpenVPN: Add support for verify-x509-name options" on May 7, 2025

@laozhoubuluo
Author

> while converting configurations, it's often also a good idea to reassess habits I suppose. During our testing, these values didn't turn out to be very relevant compared to the defaults.

OK. I have removed the two corresponding settings parameters.
