Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN "Enforce key usage" configuration option.

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 649 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jimbo123
      last edited by

      I noticed today that there's an "Enforce key usage" option in my OpenVPN client configuration options which says that it's to "Verify that the remote host uses a server certificate".

      It's toggled on by default and must have landed in the 2.6.0 release as I've never noticed it before and as far as I can find there's no documentation on it as of yet.

      I'm guessing that this adds the "remote-cert-tls server" command when toggled on client side. Can anyone confirm or correct me on this?

      Cheers.

      J 1 Reply Last reply Reply Quote 0
      • J
        Jimbo123 @Jimbo123
        last edited by Jimbo123

        @jimbo123 I've since found this Redmine that seems to confirm that the option adds
        "remote-cert-tls server" in the config for the client:

        https://redmine.pfsense.org/issues/11865

        This is the option that has been added to the "Cryptographic Settings" in OpenVPN client configuration options.

        Screenshot from 2022-08-30 03-13-20.png

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.