Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 05 December 2024, 04:52:46 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  WARNING about Man in the middle attack (mitm)
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: WARNING about Man in the middle attack (mitm)  (Read 14781 times)
kashif_max
Jr. Member
*
Offline Offline

Posts: 4


« on: Monday 01 June 2015, 08:35:27 pm »

Hi,
Running EFW (2.5) since a long time and working smoothly.

I almost rarely check OpenVPN server's log file but recently someone showed me this warning (OpenVPN client's log file).

Code:
WARNING: No server certificate verification method has been enabled see "openvpn.net/index.php/open-source/documentation/howto.html#mitm".

Then I checked server log file.

Code:
WARNING: file "/var/efw/openvpn/pkcs12.p12" is group or others accessible
WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate

Did anyone noticed on EFW 2.5 or EFW 3.0?

Should I really care about those warnings? How can I do it to prevent them?

Thank you
Logged
kashif_max
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Monday 01 June 2015, 08:39:42 pm »

Using PSK (username and password) method for OpenVPN.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com