Hi,

On Thu, Nov 06, 2014 at 11:13:31AM +0100, j.witvl...@mindef.nl wrote:
> Where & when is the relationship between the URL of the vpn-server tested? 
> During server-startup?

Nowhere.  We don't care about the DNS name pointing to the VPN server.

Thing is, we hold a CA certificate that will tell us whether the certificate
is valid.  If you want to be sure that you're talking to the *right* server
(the CA might have issued multiple server certificates, and one of them
got stolen, or such) you can use

--verify-x509-name <cn in server cert>

to double-check that.

> Is this proper behavior?

Yes.  DNS is irrelevant, you might be connecting to an IP address :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de

Attachment: pgp_8PAMxlPv_.pgp
Description: PGP signature

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to