Arne Schwabe

I am not sure multiple CRLs for a CA are supported in OpenSSL. Also, you normally just one CRL. Is there any other software that support this setup? It would...

On what platform and on what capacity? It might be already support or not depending what you actually are looking for. E.g. https://github.com/tpm2-software/tpm2-openssl should already work with OpenVPN.

pkcs11 is should be supported in the old and new version. And also say what old and new version are. So if it doesn't work anymore that is a regression....

Even without allowing compression you still enable compression framing which will add an extra header. Does the server config also have a `compress` option in it?

pushing the username to the user is by no mean reliable. `auth-token-user` exist but only a subset of clients versions actually supports it. And on a lot of clients that...

@andreas-p internally that is still changing from the empty username `""` to some other username. The username gets transmitted very early in the OpenVPN handshake and OpenVPN currently sticks that...

@aprudnev That is more a problem of your authentication stack than OpenVPN itself. For what you are describing you probably want to use an authentication backend that generates the auth-token...

I think the openvpn-auth-oauth2 plugin should just log username and so on for that connection. Yes setting the OpeNVPN username would be nice in this scenario but that does not...

@aprudnev OpenVPN provides that information in its logs and also to plugins.

So your real issues are basically a problem for your setup since you still rely a lot on OpenVPN's internal management features and having them work with these features, we...