diff options
| author | Parménides GV <parmegv@sdf.org> | 2014-12-23 20:09:25 +0100 |
|---|---|---|
| committer | Parménides GV <parmegv@sdf.org> | 2014-12-23 20:09:25 +0100 |
| commit | 44b59b984f76da62d409b585047224cb1e958016 (patch) | |
| tree | 1a8d7f85690ce56196855fa969e86b1e53d813f3 /app/openvpn/sample/sample-config-files/client.conf | |
| parent | b3f0c7b3111efc1066423925b02a9edf9e15eaa7 (diff) | |
| parent | d6190becb1c48ee912b11a4206116d0fd4c90772 (diff) | |
Merge branch 'bug/Try-different-ports-to-connect-to-the-openvpn-server-#6560' into develop
Diffstat (limited to 'app/openvpn/sample/sample-config-files/client.conf')
| -rw-r--r-- | app/openvpn/sample/sample-config-files/client.conf | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/app/openvpn/sample/sample-config-files/client.conf b/app/openvpn/sample/sample-config-files/client.conf index 58b2038b..050ef600 100644 --- a/app/openvpn/sample/sample-config-files/client.conf +++ b/app/openvpn/sample/sample-config-files/client.conf @@ -89,18 +89,19 @@ ca ca.crt cert client.crt key client.key -# Verify server certificate by checking -# that the certicate has the nsCertType -# field set to "server". This is an -# important precaution to protect against +# Verify server certificate by checking that the +# certicate has the correct key usage set. +# This is an important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate -# your server certificates with the nsCertType -# field set to "server". The build-key-server -# script in the easy-rsa folder will do this. -ns-cert-type server +# your server certificates with the keyUsage set to +# digitalSignature, keyEncipherment +# and the extendedKeyUsage to +# serverAuth +# EasyRSA can do this for you. +remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. |