
    "No server certificate verification method has been enabled"

      riahc3 Banned
      last edited by

      I keep getting this warning on the client side: "No server certificate verification method has been enabled"

      Here is the server conf:

      
      # OpenVPN server configuration as posted (paths and helper scripts look pfSense-generated).
      dev ovpns1
      verb 1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      # Privilege drop is commented out, so the daemon keeps the privileges it was started with.
      #user nobody
      #group nobody
      # Level 3 also permits passing passwords to scripts through environment variables.
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp
      # cipher and auth must match the client; the client below sets the same cipher and no auth line.
      cipher AES-128-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 192.168.100.180
      tls-server
      server 10.11.10.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      # Server-side check of connecting clients' certificates via an external script.
      # It does nothing for the client's verification of the server, which the client must configure itself.
      # NOTE(review): arguments are presumably the expected name and chain depth; confirm against the script.
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'myovsrv-svr' 1"
      lport 1194
      management /var/etc/openvpn/server1.sock unix
      # Client-to-client traffic is forwarded inside OpenVPN and does not pass the host firewall.
      client-to-client
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      # Control-channel HMAC with key direction 0; every client needs the same key with direction 1.
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      # Compression inside a VPN tunnel can leak plaintext through length side channels (VORACLE).
      comp-lzo adaptive
      persist-remote-ip
      float
      push "route 192.168.2.0 255.255.255.0"
      # NOTE(review): 192.168.100.100 with a /24 mask is a host address, not the network 192.168.100.0; confirm intent.
      push "route 192.168.100.100 255.255.255.0"
      
      

      And my client config is:

      
      # OpenVPN client configuration as posted.
      # No server-certificate check is configured here (neither remote-cert-tls server nor
      # verify-x509-name), which is what the quoted warning reports. With only `ca` set, any
      # certificate issued by that CA, including another client's, is accepted as the server.
      client
      proto udp
      remote 192.168.100.180 1194
      cipher AES-128-CBC
      # The client stays root for its whole lifetime; no privilege drop after start-up.
      user root
      group root
      verb 2
      mute 20
      keepalive 10 120
      # Compression inside a VPN tunnel can leak plaintext through length side channels (VORACLE).
      comp-lzo
      persist-key
      persist-tun
      float
      resolv-retry infinite
      nobind
      
      # adopted settings
      # NOTE(review): the posted server uses tls-auth with direction 0, but no tls-auth line
      # (direction 1) appears in this client config.
      ca /etc/ssl/certs/openvpn-tunnel0-ca.crt
      cert /etc/ssl/certs/openvpn-tunnel0.crt
      # NOTE(review): private key stored under /etc/ssl/certs; confirm it is readable only by root.
      key /etc/ssl/certs/openvpn-tunnel0.key
      dev tun0
      # dh is only required on the TLS server side; it is not needed on a client.
      dh /etc/ssl/certs/dh1024.pem
      # NOTE(review): user-defined scripts need script-security 2 or higher, which is not set here; confirm they run.
      up "/etc/openvpn/tunnel0-up"
      down "/etc/openvpn/tunnel0-down"
      ipchange "/etc/openvpn/tunnel0-ipchange"
      
      
        johnpoz LAYER 8 Global Moderator
        last edited by

        And where are you checking the server? Why do you have user root in there??

        
        # Client configuration from the reply, shown as an example that does verify the server.
        dev tun
        persist-tun
        persist-key
        # BF-CBC is a 64-bit block cipher (SWEET32 birthday-bound concerns); it must match the server.
        cipher BF-CBC
        auth SHA1
        tls-client
        client
        resolv-retry infinite
        remote snipped 443 tcp-client
        lport 0
        # Accept the server only if its certificate common name is exactly this value.
        verify-x509-name "pfsenseopenvpn" name
        # PKCS#12 bundle supplying the CA certificate, client certificate and private key.
        pkcs12 pfSense-TCP-443-snipped.p12
        # Control-channel HMAC key, direction 1 to pair with the server's direction 0.
        tls-auth pfSense-TCP-443-snipped-tls.key 1
        # Legacy check of the Netscape certType field; deprecated in favour of
        # remote-cert-tls server and removed in newer OpenVPN releases.
        ns-cert-type server
        comp-lzo adaptive
        
        

        server

        
        # Server configuration from the reply, matching the client example above it.
        dev ovpns1
        verb 1
        dev-type tun
        dev-node /dev/tun1
        writepid /var/run/openvpn_server1.pid
        # Privilege drop is commented out, so the daemon keeps the privileges it was started with.
        #user nobody
        #group nobody
        # Level 3 also permits passing passwords to scripts through environment variables.
        script-security 3
        daemon
        keepalive 10 60
        ping-timer-rem
        persist-tun
        persist-key
        proto tcp-server
        # BF-CBC is a 64-bit block cipher (SWEET32 birthday-bound concerns); it must match the client.
        cipher BF-CBC
        auth SHA1
        up /usr/local/sbin/ovpn-linkup
        down /usr/local/sbin/ovpn-linkdown
        local snipped
        tls-server
        server 10.0.8.0 255.255.255.0
        client-config-dir /var/etc/openvpn-csc
        # Server-side check of connecting clients' certificates via an external script.
        # 'pfsenseopenvpn' is the same name the client pins with verify-x509-name.
        tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfsenseopenvpn' 1"
        lport 443
        management /var/etc/openvpn/server1.sock unix
        max-clients 2
        push "route 192.168.1.0 255.255.255.0"
        push "route 192.168.2.0 255.255.255.0"
        push "route 192.168.3.0 255.255.255.0"
        push "dhcp-option DOMAIN local.lan"
        push "dhcp-option DNS 192.168.1.253"
        ca /var/etc/openvpn/server1.ca
        cert /var/etc/openvpn/server1.cert
        key /var/etc/openvpn/server1.key
        dh /etc/dh-parameters.2048
        # Control-channel HMAC with key direction 0; the client uses the same key with direction 1.
        tls-auth /var/etc/openvpn/server1.tls-auth 0
        # Compression inside a VPN tunnel can leak plaintext through length side channels (VORACLE).
        comp-lzo adaptive
        persist-remote-ip
        float
        
        

        servermode.png
        servermode.png_thumb
        clientcheckservercn.png
        clientcheckservercn.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11
