Hi Jan
Thank you for your answer.
Am 02.04.20 um 13:46 schrieb Jan Just Keijser:
it is not a requirement , but it's often good practice to do so. And I guess it depends on the kind of client-side certificates
? I've not heard of a *requirement* to set 'remote-cert-tls server' before...
...but I'm sorry, it's a little confusing to me.
When I remove 'remote-cert-tls server' in Client.conf, I get the following warning: "WARNING: No server certificate verification
method has been enabled. See http://openvpn.net/howto.html#mitm for more info."
If it's set, everything's fine. It seems that on the server-side the parameter 'remote-cert-tls client' has no effect and I
don't know if it is needed there at all. The daemon-startup-log is identical with or without it. But now I'm not sure what is
right... and I'm worried that in the worst case the two parameters will neutralize each other, because both say the opposite.
And whether it has to be both or whether the one on the client side is sufficient.
Do you have a recommendation for me...?... Client only...?... or on both sides
the appropriate parameter?
BG, Tom
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
