[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: IP Allocation


  • Subject: Re: [Openvpn-users] Re: IP Allocation
  • From: Helder Miguel Gaspar Rodrigues <crash@xxxxxxxx>
  • Date: Thu, 13 Jan 2005 06:13:50 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ohh sure..my bad!sorry.
so i think i will use tls-remote in my clients configuration.

Thanks
Charles Duffy wrote:
| On Thu, 2005-01-13 at 06:05 +0000, Helder Miguel Gaspar Rodrigues wrote:
|
|>- -tls-remote name
|>~    Accept connections only from a host with X509 name or common name
|>equal to name. The remote host must also pass all other tests of
|>verification.
|>
|>cant the attacker create a cert with the same common name and make the
|>attack?
|
|
| A cert with the same common name, sure.
|
| A cert with the same common name, signed by your CA -- not if you keep
| your CA's private key hidden away securely.
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB5hGdXuDuuXe+pHkRAjE0AJ9U134mO/el4loHU8uvm0vLKvW4aACfYyAc
CP9qfZcB5u59alor2/bOekQ=
=lMAU
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users