diff options
author | jim-p <jimp@pfsense.org> | 2010-06-29 10:54:30 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-06-29 10:54:30 -0400 |
commit | a8f64f3d477460a0fe87254b9ef4a29f37d926e2 (patch) | |
tree | 90a4d30e8fbf5c86dc0d6b3682cfc98bef2f7aa6 | |
parent | 260c3b18a4dfab3f07e0f46687cc5cf4b284ecc9 (diff) | |
download | pfsense-packages-a8f64f3d477460a0fe87254b9ef4a29f37d926e2.tar.gz pfsense-packages-a8f64f3d477460a0fe87254b9ef4a29f37d926e2.tar.bz2 pfsense-packages-a8f64f3d477460a0fe87254b9ef4a29f37d926e2.zip |
Add this in all cases, not just TLS. Fixes #706
-rwxr-xr-x | config/openvpn-client-export/openvpn-client-export.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc index 97cbfa64..85f18cae 100755 --- a/config/openvpn-client-export/openvpn-client-export.inc +++ b/config/openvpn-client-export/openvpn-client-export.inc @@ -197,9 +197,11 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke if ($settings['tls'] && !$skiptls) { $conf .= "tls-auth {$prefix}-tls.key 1\n"; - $conf .= "remote-cert-tls server\n"; } + // Prevent MITM attacks by verifying the server certificate. + $conf .= "remote-cert-tls server\n"; + // add optional settings if ($settings['compression']) $conf .= "comp-lzo\n"; |