next »

[Nachtfalke]

Hi,

every time I connect to my pfsense server I got this message

Code:

WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

My knowledge about OpenVPN isn't really good but I didn't found a possibility in pfsense Cert Manager to get this working:

Code:

You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration:

remote-cert-tls server

Did I miss something in the Cert Manager config options or isn't there a possibility in there till now ?

[jimp]

I have looked into that, but building keys that way requires some extra openssl.cnf mojo that is tricky to work out when trying to use PHP's OpenSSL functions like we do.

[Nachtfalke]

Hi jimp,

thanks for feedback. Just wanted to be sure that I didn't miss anything in the pfsense config.