diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
index 1ec1e44980b..996a36e0f8e 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
@@ -680,4 +680,14 @@ Set to 0 to disable, remember to change your client as well.
false
+
+ instance.verify-x509-name
+
+ text
+ true
+ Accept connections only if a host's X.509 name is equal to name.
+
+ false
+
+
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 61c53fdbf08..447b7f7c168 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -691,6 +691,10 @@ public function generateInstanceConfig($uuid = null)
if (!empty((string)$node->{'ifconfig-pool-persist'})) {
$options['ifconfig-pool-persist'] = "/var/etc/openvpn/instance-{$node_uuid}.pool";
}
+
+ if (!empty((string)$node->verify-x509-name)) {
+ $options['verify-x509-name'] = (string)$node->verify-x509-name;
+ }
}
$options['persist-tun'] = null;
$options['persist-key'] = null;
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
index 9ce600a8440..934f113d9aa 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
@@ -385,6 +385,7 @@
Y
+