diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
index a3e248fa7..0e9800c39 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml
@@ -31,7 +31,12 @@
checkbox
Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently.
-
+
+ openvpn_export.validate_server_cn
+
+ checkbox
+ Verify the server certificate Common Name (CN) when the client connects
+
openvpn_export.testxx1
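Review bot: The help text on the new `openvpn_export.validate_server_cn` checkbox promises CN verification whenever the box is ticked, but the exporter change in PlainOpenVPN.php writes `verify-x509-name` only when the mode is not `server_user` and `server_cn` is non-empty. In the other cases the option has no effect and the exported profile carries no CN check, which the person exporting cannot tell from the form. Either extend the help text, for example `Verify the server certificate Common Name (CN) when the client connects. Has no effect in server_user mode or when no server CN is available.`, or drop the mode restriction if it is not required.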
diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
index a0556965e..337cb9d6f 100644
--- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
+++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php
@@ -100,6 +100,13 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider
$conf[] = "lport 0";
}
+ if ($this->config['mode'] !== 'server_user' && !empty($this->config['server_cn'])
+ && !empty($this->config['validate_server_cn'])) {
+ $conf[] = "verify-x509-name \"{$this->config['server_cn']}\" name";
+ } elseif (in_array($this->config['mode'], array('server_user', 'server_tls_user'))) {
+ $conf[] = "auth-user-pass";
+ }
+
return $conf;
}
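Review bot: The added `} elseif (in_array($this->config['mode'], array('server_user', 'server_tls_user'))) {` makes `verify-x509-name` and `auth-user-pass` mutually exclusive. A `server_tls_user` export with CN validation enabled therefore gets the CN check but no `auth-user-pass`, unless that directive is also emitted outside this hunk. The two settings are independent, so close the first block with `}` and start a separate `if (in_array($this->config['mode'], ['server_user', 'server_tls_user'], true)) {`. Separately, `server_cn` is interpolated unescaped into the double-quoted directive, so a CN containing `"` or a line break would produce a malformed or extended client config; reject or escape those characters before building the line. The enclosing method starts before this hunk.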
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml
index cb5f2feb7..5d1dcede2 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml
@@ -22,6 +22,10 @@
1
Y
+
+ 1
+ Y
+