Important Note On Possible "Man-in-the-Middle" Attack if Clients Do Not Verify the Certificate of the Server They Are Connecting To
To avoid a possible Man-in-the-Middle attack where an authorized client tries to connect to another client by impersonating the server, make sure to enforce some kind of server certificate verification by clients. There are currently five different ways of accomplishing this, listed in order of preference:
1. [OpenVPN 2.1 and above] Build your server certificates with specific key usage and extended key usage. RFC 3280 specifies that the following attributes should be provided for TLS connections:

   | Mode   | Key usage                         | Extended key usage            |
   |--------|-----------------------------------|-------------------------------|
   | Client | digitalSignature                  | TLS Web Client Authentication |
   |        | keyAgreement                      |                               |
   |        | digitalSignature, keyAgreement    |                               |
   | Server | digitalSignature, keyEncipherment | TLS Web Server Authentication |
   |        | digitalSignature, keyAgreement    |                               |

   You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration:

       remote-cert-tls server

2. [OpenVPN 2.0 and below] Build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting nsCertType=server. Now add the following line to your client configuration:

       ns-cert-type server

   This will block clients from connecting to any server which lacks the nsCertType=server designation in its certificate, even if the certificate has been signed by the ca file in the OpenVPN configuration file.

3. Use the tls-remote directive on the client to accept/reject the server connection based on the common name of the server certificate.

4. Use a tls-verify script or plugin to accept/reject the server connection based on a custom test of the server certificate's embedded X509 subject details.

5. Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration ca directive should reference the client-signing CA file.
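A sketch of the tls-verify approach, as an added example rather than a script from the OpenVPN project: a client-side helper that accepts the server only when the peer certificate's subject carries the expected CN and O. The expected values `vpn.example.com` and `Example Org` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: tls-verify helper for an OpenVPN *client*.
# OpenVPN appends two arguments to the command: certificate_depth subject.
# Exit status 0 accepts the certificate, any other status rejects it.

# Assumed values (constructed for this example); set them to match your PKI.
EXPECTED_CN="vpn.example.com"
EXPECTED_O="Example Org"

# Print every value of one subject attribute, one per line.
# Accepts "C=US, O=X, CN=name" and the older "/C=US/O=X/CN=name" layout.
subject_fields() {
    printf '%s\n' "$2" | sed 's|, |/|g' | tr '/' '\n' | sed -n "s/^$1=//p"
}

verify_server_cert() {
    depth=$1
    subject=$2
    case $depth in
        0) ;;                          # peer (leaf) certificate: checked below
        '' | *[!0-9]*) return 1 ;;     # malformed depth: fail closed
        *) return 0 ;;                 # CA certificates: chain is checked against --ca
    esac
    cn=$(subject_fields CN "$subject")
    org=$(subject_fields O "$subject")
    # Exact comparison: a subject with two CN (or O) entries yields a
    # multi-line value, which never equals the expected one and is rejected.
    [ "$cn" = "$EXPECTED_CN" ] && [ "$org" = "$EXPECTED_O" ]
}

# Entry point when OpenVPN runs the file; no arguments means "sourced or tested".
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 2 ] || exit 1
    verify_server_cert "$1" "$2"
    exit $?
fi
```

To use it, point the client's tls-verify directive at the installed script and set script-security 2 so that OpenVPN is allowed to run user-defined scripts.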