Changes between Version 13 and Version 14 of EasyRSA3-OpenVPN-Howto
- Timestamp:
- 01/10/14 12:57:27 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
EasyRSA3-OpenVPN-Howto
v13 v14 16 16 17 17 4. On your OpenVPN server, generate DH parameters (see the DH Generation section of this Howto) 18 19 == Easy-RSA and MITM protection with OpenVPN == 20 21 '''Important note:''' some OpenVPN configs rely on the deprecated "Netscape" cert attribute called nsCertType. This is deprecated behavior, and Easy-RSA 3 does '''not''' enable this by default like v2 did. Please use the `--remote-cert-tls` directive in your OpenVPN config files for MITM protection. 22 23 If you really need the old, deprecated behavior, enable the Netscape extensions by reading vars.example before signing certs with your CA. This will allow you to use `--ns-cert-type` with OpenVPN. 18 24 19 25 == PKI procedure: using a separate CA system ==