OpenVPN Man-in-the-Middle protection

If you examine your OpenVPN client login log and find the below passage, then you lack Man-in-the-Middle (MitM) protection.

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

If you used the “build-key-server server” command when you generated your OpenVPN server certificate and key, then adding MitM protection will be easy. All you have to do is to add the following text to your OpenVPN client config file(s):

remote-cert-tls server

Leave a Reply