pfSense bugtracker | https://redmine.pfsense.org/ | 2010-06-29T10:53:57Z

pfSense - Bug #706: OpenVPN client export needs to include remote-cert-tls server
https://redmine.pfsense.org/issues/706?journal_id=2342 | 2010-06-29T10:53:57Z | Jim Pingle
<p>According to the OpenVPN config file reference, that should be safe to add in all cases, even when TLS is not in use.</p>

https://redmine.pfsense.org/issues/706?journal_id=2343 | 2010-06-29T10:55:08Z | Jim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset commit:"9c46da2615a9fccf1e90f7658e8dfc2fee3ff52b".</p>

https://redmine.pfsense.org/issues/706?journal_id=4016 | 2010-12-03T02:14:34Z | Anonymous
<p>The export does not include the option "remote-cert-tls server"</p>
<p>Exported config file:<br />dev tun<br />persist-tun<br />persist-key<br />proto udp<br />cipher AES-128-CBC<br />tls-client<br />client<br />resolv-retry infinite<br />remote x.x.x.x x<br />auth-user-pass<br />pkcs12 x.p12<br />tls-auth x.key 1</p>
<p>pfSense version:<br />2.0-BETA4 Built On: Tue Nov 30 13:09:03 EST 2010</p>

https://redmine.pfsense.org/issues/706?journal_id=4022 | 2010-12-03T09:29:58Z | Jim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul><p>We discovered that it was not compatible with the way we built the server certificates. See <a class="external" href="https://rcs.pfsense.org/projects/pfsense-packages/repos/mainline/commits/dd7fb03ee362cfee1765749fc80f015e78389504">https://rcs.pfsense.org/projects/pfsense-packages/repos/mainline/commits/dd7fb03ee362cfee1765749fc80f015e78389504</a></p>

https://redmine.pfsense.org/issues/706?journal_id=11695 | 2013-06-17T06:46:55Z | Mike Noordermeer (mike@normi.net)
<p>Nowadays pfSense seems to be able to generate server certificates, so I don't see any reason to not add 'remote-cert-tls server' to client configs. It helps prevent MITM attacks.</p>

https://redmine.pfsense.org/issues/706?journal_id=11696 | 2013-06-17T06:53:37Z | Mike Noordermeer (mike@normi.net)
<p>Hmm, never mind, it seems to include 'ns-cert-type server' nowadays, that should suffice.</p>