OpenVPN

freetomfr · Jun 25, 2010, 10:13 AM

Hi everyone, I have a problem with server certificate verification when i establish a connection.

It's work well but I have a waring in the log file :

No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

This problem can result to man in the middle attacks.

I saw that I have to use the remote-cert-tls server parameter but in order to do this I also have to build a server-only certificate.

The user interface of pfSense don't seems to allow this. What is the solution to solve this problem?

Thanks

freetomfr · Jun 28, 2010, 8:57 AM

No one can help me?

scoop · Jun 28, 2010, 9:52 AM

The pfSense GUI (from 1.2.3 at least) doesn't provide you with PKI (CA and certificate) management tools. You will have to create your own, either on Unix or Windows depending on your environment. There are many ways to do this, but I suppose the easiest way is to stick with the utilities that are provided with OpenVPN. You can read a bit more about it in the documentation here.

cmb · Jun 29, 2010, 12:35 AM

You already have a server certificate, just add that to the client configuration. That'll be added to the client export before release.