
Re: [Openvpn-users] MIM attack protect server

  • Subject: Re: [Openvpn-users] MIM attack protect server
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Tue, 25 Jan 2005 11:46:05 -0700 (MST)

On Tue, 25 Jan 2005, cldpeak wrote:

> I've got my Man in the Middle protection working where the client uses
> ns-cert-type server and tls-remote options in the client openvpn config file.
> Is the server still in danger of Man in Middle attackers posing as clients?  
> Should I enforce similar options in the OpenVPN server config file?

The MITM issue is mostly relevant on clients because they should only be 
connecting to a server, not directly to another client.

The server analog would be to use --ns-cert-type client to force 
connecting with clients only.  It's not really necessary in most cases 
because the server already has a flexible selection of access control 
directives (--client-config-dir, --ccd-exclusive, --client-connect, 
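
Added example (not part of the original message or of OpenVPN itself): a minimal --client-connect hook that admits only clients whose certificate Common Name is on an allow-list. OpenVPN exports the authenticated client's Common Name to the script as the environment variable common_name, passes a temporary file path as the last argument, and disconnects the client if the script exits non-zero. The allow-list path and the permitted character set are assumptions made for this illustration.

```shell
#!/bin/sh
# Hypothetical --client-connect hook for the server side.

# Assumed location of the allow-list: one permitted Common Name per line.
ALLOWLIST="${ALLOWLIST:-/etc/openvpn/allowed-clients.txt}"

# cn_allowed CN FILE
# Returns 0 if CN may connect, 1 otherwise. Fails closed on any doubt.
cn_allowed() {
    cn=$1
    list=$2

    # Reject an empty name and any character outside a conservative set
    # (assumed policy), so a crafted CN cannot carry '/', spaces or
    # shell metacharacters into later file or log handling.
    case $cn in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    # A missing or unreadable allow-list means nobody is admitted.
    [ -r "$list" ] || return 1

    # -F: fixed string, not a regex; -x: the whole line must match, so
    # "alice" does not pass because "alice-laptop" is listed.
    grep -Fxq -- "$cn" "$list"
}

# OpenVPN always calls the hook with at least one argument (the temporary
# file for dynamic directives). The decision only runs in that case, so
# the function above can also be sourced and exercised on its own.
if [ "$#" -gt 0 ]; then
    if cn_allowed "${common_name:-}" "$ALLOWLIST"; then
        exit 0
    fi
    echo "client-connect: rejecting CN '${common_name:-}'" >&2
    exit 1
fi
```
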

