Hi, On Thu, Nov 06, 2014 at 11:13:31AM +0100, j.witvl...@mindef.nl wrote: > Where & when is the relationship between the URL of the vpn-server tested? > During server-startup?
Nowhere. We don't care about the DNS name pointing to the VPN server.
Thing is, we hold a CA certificate that will tell us whether the certificate
is valid. If you want to be sure that you're talking to the *right* server
(the CA might have issued multiple server certificates, and one of them
got stolen, or such) you can use
--verify-x509-name <cn in server cert>
to double-check that.
> Is this proper behavior?
Yes. DNS is irrelevant, you might be connecting to an IP address :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp_8PAMxlPv_.pgp
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
