Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    "No server certificate verification method has been enabled"

    OpenVPN
    2
    2
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      riahc3 Banned
      last edited by

      I  keep getting this error on the client side "No server certificate verification method has been enabled"

      Here is the server conf:

      
dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.100.180
tls-server
server 10.11.10.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'myovsrv-svr' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.100.100 255.255.255.0"

      And my client config is:

      
client
proto udp
remote 192.168.100.180 1194
cipher AES-128-CBC
user root
group root
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind

# adopted settings
ca /etc/ssl/certs/openvpn-tunnel0-ca.crt
cert /etc/ssl/certs/openvpn-tunnel0.crt
key /etc/ssl/certs/openvpn-tunnel0.key
dev tun0
dh /etc/ssl/certs/dh1024.pem
up "/etc/openvpn/tunnel0-up"
down "/etc/openvpn/tunnel0-down"
ipchange "/etc/openvpn/tunnel0-ipchange"
      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        And where are you checking th server?  Why do you have user root in there??

        
dev tun
persist-tun
persist-key
cipher BF-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote snipped 443 tcp-client
lport 0
verify-x509-name "pfsenseopenvpn" name
pkcs12 pfSense-TCP-443-snipped.p12
tls-auth pfSense-TCP-443-snipped-tls.key 1
ns-cert-type server
comp-lzo adaptive

        server

        
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local snipped
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfsenseopenvpn' 1"
lport 443
management /var/etc/openvpn/server1.sock unix
max-clients 2
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "dhcp-option DOMAIN local.lan"
push "dhcp-option DNS 192.168.1.253"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
persist-remote-ip
float

        servermode.png
        servermode.png_thumb
        clientcheckservercn.png
        clientcheckservercn.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.