Hi, On Thu, Nov 06, 2014 at 11:13:31AM +0100, j.witvl...@mindef.nl wrote: > Where & when is the relationship between the URL of the vpn-server tested? > During server-startup?
Nowhere. We don't care about the DNS name pointing to the VPN server. Thing is, we hold a CA certificate that will tell us whether the certificate is valid. If you want to be sure that you're talking to the *right* server (the CA might have issued multiple server certificates, and one of them got stolen, or such) you can use --verify-x509-name <cn in server cert> to double-check that. > Is this proper behavior? Yes. DNS is irrelevant, you might be connecting to an IP address :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp_8PAMxlPv_.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users