Hi all,
since the update to OpenVPN version 2.3 on IPFire the client log message "DEPRECATED OPTION: --tls-remote, please update your configuration" appears. so the clientside directive "--tls-remote" will be removed from OpenVPN in one of the comming versions --> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage . For future updates of OpenVPN on IPFire (2.4+) it will be important to modify existing client.ovpnīs and replace the "--tls-remote name" with the new "--verify-x509-name name type" directive.
Since OpenVPN client/server version 2.3.2 the new verify option can be used in client configs whereby "type" includes the possibilty of 3 different kinds of verification --> "subject", "name" and "name-prefix" . This leads to a question which one of the "types" should be used for future versions on IPFire. 
At this time IPFire handles "--tls-remote" automatically and it canīt be configured over the WUI, this is handy cause the user doesnīt need to bother around with all that kind of settings, but should this remain in that way also for the new verification method ?

Also, to use "--verify-x509-name" the clients needs to have a version >= 2.3.2 otherwise the connection wonīt come up so there is no backwards compatibility with the new directive and version =< 2.3.1 .

May some people out there have some ideas, informations, ...., for this topic ?

Anyway a discussion about that might be interesting.

Greetings,

Erik