1158 | | To avoid a possible Man-in-the-Middle attack where an authorized client tries to connect to another client by impersonating the server, make sure to enforce some kind of server certificate verification by clients. There are currently five different ways of accomplishing this, listed in the order of preference: |
1159 | | |
1160 | | 1. OpenVPN 2.1 and above: Build your server certificates with specific key usage and extended key usage. |
1161 | | |
1162 | | The RFC3280 determine that the following attributes should be provided for TLS connections: |
| 1158 | To avoid a possible Man-in-the-Middle attack where an authorized client tries to connect to another client by impersonating the server, make sure to enforce some kind of server certificate verification by clients. There are currently five different ways of accomplishing this, listed in the order of preference. |
| 1159 | |
| 1160 | Option 1 for OpenVPN 2.1 and above: build your server certificates with specific key usage and extended key usage. The RFC3280 determine that the following attributes should be provided for TLS connections: |
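Review bot: the sentence "The RFC3280 determine that the following attributes should be provided" is carried into the rewritten line 1160 with its grammar error intact; suggest "RFC 3280 specifies that the following attributes should be present for TLS connections:". While touching that line, "Option 1 for OpenVPN 2.1 and above: build" should match the punctuation and capitalisation of "Option 2, for OpenVPN 2.0 and below: Build" in line 1193, i.e. "Option 1, for OpenVPN 2.1 and above: Build".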
1191 | | Mode Key usage Extended key usage |
1192 | | Client digitalSignature TLS Web Client Authentication |
1193 | | keyAgreement |
1194 | | digitalSignature, keyAgreement |
1195 | | Server digitalSignature, keyEncipherment TLS Web Server Authentication |
1196 | | digitalSignature, keyAgreement |
1197 | | |
1198 | | You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration: |
1199 | | |
1200 | | remote-cert-tls server |
1201 | | |
1202 | | [OpenVPN 2.0 and below] Build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting nsCertType=server. Now add the following line to your client configuration: |
1203 | | |
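Review bot: the key-usage table at lines 1191-1196 lists three acceptable Client combinations (digitalSignature; keyAgreement; digitalSignature, keyAgreement) and two Server combinations (digitalSignature, keyEncipherment; digitalSignature, keyAgreement) as bare lines, so the alternative rows are hard to distinguish from the column headings. Since this change is already reworking the section, consider a wiki table with one row per alternative, and have the "remote-cert-tls server" paragraph refer to the attributes in that table rather than "the right attributes", so a reader knows exactly which key usage and extended key usage the client check expects.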
| 1189 | You can build your server certificates with the build-key-server script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting the right attributes. Now add the following line to your client configuration: |
| 1190 | {{{ |
| 1191 | remote-cert-tls server |
| 1192 | }}} |
| 1193 | Option 2, for OpenVPN 2.0 and below: Build your server certificates with the '''build-key-server''' script (see the easy-rsa documentation for more info). This will designate the certificate as a server-only certificate by setting '''nsCertType=server'''. Now add the following line to your client configuration: |
| 1194 | {{{ |
| 1195 | ns-cert-type server |
| 1196 | }}} |
| 1197 | This will block clients from connecting to any server which lacks the '''nsCertType=server''' designation in its certificate, even if the certificate has been signed by the '''ca''' file in the OpenVPN configuration file. |
| 1198 | |
| 1199 | Option 3: Use the '''tls-remote''' directive on the client to accept/reject the server connection based on the common name of the server certificate. |
| 1200 | |
| 1201 | Option 4: Use a '''tls-verify''' script or plugin to accept/reject the server connection based on a custom test of the server certificate's embedded X509 subject details. |
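Review bot: line 1189 leaves build-key-server unformatted while line 1193 bolds it as '''build-key-server'''; the two Option paragraphs describe the same script and should use the same markup. The capitalisation after the colon is also inconsistent across the options (line 1160 "build", lines 1193/1199/1201 "Build"/"Use"); pick one form for all five.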
1205 | | |
1206 | | ns-cert-type server |
1207 | | |
1208 | | This will block clients from connecting to any server which lacks the nsCertType=server designation in its certificate, even if the certificate has been signed by the ca file in the OpenVPN configuration file. |
1209 | | Use the tls-remotedirective on the client to accept/reject the server connection based on the common name of the server certificate. |
1210 | | |
1211 | | |
1212 | | Use a tls-verifyscript or plugin to accept/reject the server connection based on a custom test of the server certificate's embedded X509 subject details. |
1213 | | |
1214 | | |
1215 | | Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration cadirective should reference the client-signing CA file. |
| 1203 | Option 5: Sign server certificates with one CA and client certificates with a different CA. The client configuration '''ca''' directive should reference the server-signing CA file, while the server configuration cadirective should reference the client-signing CA file. |
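Review bot: "cadirective" in line 1203 is a missing-space typo carried over from the old line 1215, and the second ca is not bolded like the first; suggest "while the server configuration '''ca''' directive should reference the client-signing CA file". The old lines 1209 and 1212 had the same kind of typo ("tls-remotedirective", "tls-verifyscript") and the new lines 1199 and 1201 fix those, so this is the only one left in the section.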