Netgate Discussion Forum

"No server certificate verification method has been enabled"

  • R
    riahc3 Banned
    last edited by May 4, 2015, 8:46 AM

    I keep getting this error on the client side: "No server certificate verification method has been enabled"

    Here is the server conf:

    
    dev ovpns1
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.100.180
    tls-server
    server 10.11.10.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'myovsrv-svr' 1"
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    client-to-client
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo adaptive
    persist-remote-ip
    float
    push "route 192.168.2.0 255.255.255.0"
    push "route 192.168.100.100 255.255.255.0"
    
    

    And my client config is:

    
    client
    proto udp
    remote 192.168.100.180 1194
    cipher AES-128-CBC
    user root
    group root
    verb 2
    mute 20
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    float
    resolv-retry infinite
    nobind
    
    # adopted settings
    ca /etc/ssl/certs/openvpn-tunnel0-ca.crt
    cert /etc/ssl/certs/openvpn-tunnel0.crt
    key /etc/ssl/certs/openvpn-tunnel0.key
    dev tun0
    dh /etc/ssl/certs/dh1024.pem
    up "/etc/openvpn/tunnel0-up"
    down "/etc/openvpn/tunnel0-down"
    ipchange "/etc/openvpn/tunnel0-ipchange"
    
    
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by May 4, 2015, 11:21 AM May 4, 2015, 11:17 AM

      And where are you checking the server? Why do you have user root in there??

      
      dev tun
      persist-tun
      persist-key
      cipher BF-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote snipped 443 tcp-client
      lport 0
      verify-x509-name "pfsenseopenvpn" name
      pkcs12 pfSense-TCP-443-snipped.p12
      tls-auth pfSense-TCP-443-snipped-tls.key 1
      ns-cert-type server
      comp-lzo adaptive
      
      

      server

      
      dev ovpns1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto tcp-server
      cipher BF-CBC
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local snipped
      tls-server
      server 10.0.8.0 255.255.255.0
      client-config-dir /var/etc/openvpn-csc
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfsenseopenvpn' 1"
      lport 443
      management /var/etc/openvpn/server1.sock unix
      max-clients 2
      push "route 192.168.1.0 255.255.255.0"
      push "route 192.168.2.0 255.255.255.0"
      push "route 192.168.3.0 255.255.255.0"
      push "dhcp-option DOMAIN local.lan"
      push "dhcp-option DNS 192.168.1.253"
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo adaptive
      persist-remote-ip
      float
      
      

      servermode.png
      clientcheckservercn.png

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11
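
An added example, not part of either post and not pfSense or OpenVPN code: a small Python check that lists which server-certificate verification directives a client config contains, run on excerpts of the two client configs posted above. The set of directives it counts and all function names are assumptions of this example.

```python
import shlex

# Directives treated here as server-certificate checks (assumption of this example).
NEEDS_SERVER_ARG = {"remote-cert-tls", "ns-cert-type"}  # counted only with "server"
NEEDS_ANY_ARG = {"remote-cert-eku", "verify-x509-name", "tls-verify"}

def parse_directives(text):
    """Yield (name, args) for each directive, skipping blanks and #/; comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # keeps quoted arguments whole
        if tokens:
            yield tokens[0].lstrip("-"), tokens[1:]

def server_verification(text):
    """Return (is_client, methods): client-mode flag and the checks found, in order."""
    is_client, methods = False, []
    for name, args in parse_directives(text):
        if name in ("client", "tls-client"):
            is_client = True
        elif name in NEEDS_SERVER_ARG and args[:1] == ["server"]:
            methods.append(name)
        elif name in NEEDS_ANY_ARG and args:
            methods.append(name)
    return is_client, methods

def lacks_server_check(text):
    """True for a client config with no server-certificate verification directive."""
    is_client, methods = server_verification(text)
    return is_client and not methods

# Excerpts of the two client configs posted in this thread.
CLIENT_FROM_QUESTION = """client
proto udp
remote 192.168.100.180 1194
ca /etc/ssl/certs/openvpn-tunnel0-ca.crt
cert /etc/ssl/certs/openvpn-tunnel0.crt
key /etc/ssl/certs/openvpn-tunnel0.key"""
CLIENT_FROM_REPLY = """tls-client
client
remote snipped 443 tcp-client
verify-x509-name "pfsenseopenvpn" name
ns-cert-type server"""

if __name__ == "__main__":
    for label, cfg in (("question", CLIENT_FROM_QUESTION), ("reply", CLIENT_FROM_REPLY)):
        print(label, server_verification(cfg), "MISSING" if lacks_server_check(cfg) else "ok")
```

On current OpenVPN releases, `remote-cert-tls server` is the documented replacement for the deprecated `ns-cert-type server`.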
