----- "Vasiliy G Tolstov" <[EMAIL PROTECTED]> wrote: > There is problem because NM add > g_ptr_array_add (openvpn_argv, (gpointer) "--ns-cert-type"); > g_ptr_array_add (openvpn_argv, (gpointer) "server"); >
The NM openvpn plugin requires that the remote certificate is created with a server certificate designation (which seems to often get missed/ignored by certificate creation scripts). This restriction should prevent a man in the middle attack, where an attacker with a valid client certificate is impersonating the server. Regards, Jon. _______________________________________________ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list