Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN

    2.0-RC Snapshot Feedback and Problems - RETIRED
    3
    4
    1354
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      freetomfr last edited by

      Hi everyone, I have a problem with server certificate verification when i establish a connection.

      It's work well but I have a waring in the log file :

      No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

      This problem can result to man in the middle attacks.

      I saw that I have to use the remote-cert-tls server parameter but in order to do this I also have to build a server-only certificate.

      The user interface of pfSense don't seems to allow this. What is the solution to solve this problem?

      Thanks

      1 Reply Last reply Reply Quote 0
      • F
        freetomfr last edited by

        No one can help me?

        1 Reply Last reply Reply Quote 0
        • S
          scoop last edited by

          The pfSense GUI (from 1.2.3 at least) doesn't provide you with PKI (CA and certificate) management tools. You will have to create your own, either on Unix or Windows depending on your environment. There are many ways to do this, but I suppose the easiest way is to stick with the utilities that are provided with OpenVPN. You can read a bit more about it in the documentation here.

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            You already have a server certificate, just add that to the client configuration. That'll be added to the client export before release.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post