From: Alon Bar-L. <alo...@gm...> - 2005-11-25 13:38:38
Jon Bendtsen wrote:
> On 25 Nov 2005 at 14:10, Alon Bar-Lev wrote:
>
>> Jon Bendtsen wrote:
>>
>>> Hi
>>> My openvpn 2.1 beta7 complains at startup
>>> Fri Nov 25 11:40:29 2005 WARNING: No server certificate
>>> verification method has been enabled. See http://openvpn.net/
>>> howto.html#mitm for more info.
>>> But my client.conf does include
>>> remote-cert-eku "TLS Web Server Authentication"
>>
>>
>> Correct.
>> Will fix.
>>
>> But... Consider adding tls-remote option... Having an EKU only filter
>> is not secured.
>
>
> Why is it not secured?

Since ANY server will satisfy your client.

You should use:

remote-cert-ku b0
remote-cert-eku "TLS Web Server Authentication"
tls-remote "/C=CC/O=OOO/CN=XXXX"

Replace "/C=CC/O=OOO/CN=XXXX" with your server certificate subject name.
Then your client will connect to a server with a specific name.

Best Regards,
Alon Bar-Lev.
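
Added example (not part of the original message and not OpenVPN code): a simplified Python model of the three client-side checks named in the reply, run over constructed certificates that are all assumed to chain to the same CA. It assumes exact matching for the key-usage byte and for the subject string; the names PeerCert, accept and accepted_subjects and the CN=YYYY and CN=client1 certificates are hypothetical.

```python
from dataclasses import dataclass

SERVER_EKU = "TLS Web Server Authentication"

@dataclass(frozen=True)
class PeerCert:
    """Constructed stand-in for a certificate that already chains to the trusted CA."""
    subject: str      # one-line subject, in the form tls-remote is given
    key_usage: int    # keyUsage bits as one byte, e.g. 0xb0
    ekus: tuple       # extended key usage names

# Constructed sample certificates, all assumed to be issued by the same CA.
CERTS = [
    PeerCert("/C=CC/O=OOO/CN=XXXX", 0xB0, (SERVER_EKU,)),   # the intended VPN server
    PeerCert("/C=CC/O=OOO/CN=YYYY", 0xB0, (SERVER_EKU,)),   # some other server
    PeerCert("/C=CC/O=OOO/CN=client1", 0x80, ("TLS Web Client Authentication",)),
]

def accept(cert, remote_cert_ku=None, remote_cert_eku=None, tls_remote=None):
    """Model of the client checks; an option left as None is not enforced.
    Assumption: key usage and subject are both compared for exact equality."""
    if remote_cert_ku is not None and cert.key_usage != remote_cert_ku:
        return False
    if remote_cert_eku is not None and remote_cert_eku not in cert.ekus:
        return False
    if tls_remote is not None and cert.subject != tls_remote:
        return False
    return True

def accepted_subjects(**policy):
    """Subjects of the sample certificates that a client with this policy accepts."""
    return [c.subject for c in CERTS if accept(c, **policy)]

# The configuration from the question, and the one recommended in the reply.
EKU_ONLY = dict(remote_cert_eku=SERVER_EKU)
PINNED = dict(remote_cert_ku=0xB0, remote_cert_eku=SERVER_EKU,
              tls_remote="/C=CC/O=OOO/CN=XXXX")

if __name__ == "__main__":
    print("EKU only:", accepted_subjects(**EKU_ONLY))   # both server certificates pass
    print("pinned:  ", accepted_subjects(**PINNED))     # only CN=XXXX passes
```

With the EKU filter alone, every certificate from the CA that carries the server EKU is accepted; adding the subject match narrows acceptance to the one named server.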