authorjim-p <jimp@pfsense.org>2010-06-29 10:54:30 -0400
committerjim-p <jimp@pfsense.org>2010-06-29 10:54:30 -0400
commita8f64f3d477460a0fe87254b9ef4a29f37d926e2 (patch)
tree90a4d30e8fbf5c86dc0d6b3682cfc98bef2f7aa6
parent260c3b18a4dfab3f07e0f46687cc5cf4b284ecc9 (diff)
Add this in all cases, not just TLS. Fixes #706
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc4
1 files changed, 3 insertions, 1 deletions
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 97cbfa64..85f18cae 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -197,9 +197,11 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $usetoke
if ($settings['tls'] && !$skiptls) {
$conf .= "tls-auth {$prefix}-tls.key 1\n";
- $conf .= "remote-cert-tls server\n";
}
+ // Prevent MITM attacks by verifying the server certificate.
+ $conf .= "remote-cert-tls server\n";
+
// add optional settings
if ($settings['compression'])
$conf .= "comp-lzo\n";
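Review bot: The new comment above the `remote-cert-tls server` line overstates what the directive checks: it only requires that the peer certificate carry server key usage / extended key usage, so any server-type certificate issued by the same CA still passes. Consider wording it as `// Require a server-type certificate (key usage/EKU) so a client cert from the same CA cannot pose as the server.` and, as a follow-up, pinning the expected server name with `verify-x509-name` (or `tls-remote` on older OpenVPN releases). Because the line is now emitted unconditionally, exported configs will stop connecting to servers whose certificate was issued without the server EKU, so a check on the server certificate before export, or a note in the export UI, would help. openvpn_client_export_config starts and ends outside this hunk, so whether non-TLS server modes reach this line cannot be confirmed from here.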