Re: openvpn connection failed

----- "Vasiliy G Tolstov" <v tolstov selfip ru> wrote:

> There is problem because NM add
> g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type");
> g_ptr_array_add (openvpn_argv, (gpointer) "server");

The NM openvpn plugin requires that the remote certificate is created with a server certificate designation (which seems to often get missed/ignored by certificate creation scripts). This restriction should prevent a man in the middle attack, where an attacker with a valid client certificate is impersonating the server.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]