I'm trying to understand exactly how this works.
If you are only trusting certificates from a private CA that's only issuing certs for a specific VPN, then I assume it doesn't make much difference what the certificate says (i.e. the CN); it's from the trusted CA, so that's enough to authenticate the connection.
If you're using a public CA, though, anyone can get a cert from them, so your VPN has to be checking something else in the cert (like the CN). How does this work if you're not using FQDNs when setting up the VPN? I think I read somewhere the IP can be put in the SAN field on the cert, but I've gotten myself pretty confused and I'm really hoping someone can tell me how this is generally dealt with.
Thanks