Bug #706
closed
OpenVPN client export needs to include remote-cert-tls server
Added by Chris Buechler over 14 years ago.
Updated over 11 years ago.
Description
OpenVPN client export needs to include the following line in all client configurations.
remote-cert-tls server
According to the OpenVPN config file reference, that should be safe to add in all cases, even when TLS is not in use.
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset commit:"9c46da2615a9fccf1e90f7658e8dfc2fee3ff52b".
The export does not include the option "remote-cert-tls server".
Exported config file:
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote x.x.x.x x
auth-user-pass
pkcs12 x.p12
tls-auth x.key 1
pfSense version:
2.0-BETA4 Built On: Tue Nov 30 13:09:03 EST 2010
- Status changed from Feedback to Closed
Nowadays pfSense seems to be able to generate server certificates, so I don't see any reason to not add 'remote-cert-tls server' to client configs. It helps prevent MITM attacks.
Hmm, never mind, it seems to include 'ns-cert-type server' nowadays; that should suffice.
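Added example, not part of the original ticket and not pfSense's export code: a small Python check that reads an exported OpenVPN client config and reports whether it enables either of the server-certificate checks named in this thread. The function names are hypothetical; the sample input is the export posted above, placeholders included.

```python
# Added illustration; function names are hypothetical, not pfSense code.

# Exported client config as posted in this ticket (placeholders kept as-is).
TICKET_EXPORT = """\
dev tun
persist-tun
persist-key
proto udp
cipher AES-128-CBC
tls-client
client
resolv-retry infinite
remote x.x.x.x x
auth-user-pass
pkcs12 x.p12
tls-auth x.key 1
"""


def directives(text):
    """Yield (option, args) pairs, skipping comments and inline <tag> blocks."""
    inline_tag = None
    for raw in text.splitlines():
        line = raw.strip()
        if inline_tag:                      # inside <ca>...</ca> and similar
            if line == "</%s>" % inline_tag:
                inline_tag = None
            continue
        if not line or line[0] in "#;":     # blank line or commented-out option
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        tokens = line.split()
        yield tokens[0].lstrip("-"), tokens[1:]


def server_cert_check(text):
    """Return which server-certificate check the config enables, or None."""
    legacy = None
    for option, args in directives(text):
        if args[:1] != ["server"]:
            continue
        if option == "remote-cert-tls":
            return "remote-cert-tls"
        if option == "ns-cert-type":
            legacy = "ns-cert-type"         # the older option from the last comment
    return legacy


if __name__ == "__main__":
    print("ticket export:", server_cert_check(TICKET_EXPORT))
```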