DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Open VPN "No server certificate verification

More
25 Mar 2019 14:40 #94286 by drgr33n
No problem Tularis,

I'm not aware of a way to suppress this warning client side. Draytek should really support the usage of tls-auth and make it part of the default setup. This is a warning though and not an error so it won't affect the connection. If you're failing to get a connection, it's probably not due to this warning. I've also noticed the guide makes you setup 256bit keys then tells you to set up the router to use 128bit keys. This causes an SSL mismatch and the connection craps out. Like I said IMHO it's not production ready atm or even fit for purpose and should be offered as an experimental feature.

Hope this helps.

Please Log in or Create an account to join the conversation.

More
26 Mar 2019 16:20 #94299 by fishenchips
Replied by fishenchips on topic Re: Open VPN "No server certificate verification
Hi drgr33n.Thanks for your informative post. Yeah, I get signing the both the server AND client cert with the root ca ticket if the server isn't a sub-ca to the root ca with the client cert at the bottom of the chain. Which is presumably why tagging the client cert as an endpoint also doesn't help (as the server hasn't signed the client cert) ?

I'm no expert (obviously) but am spotting all sorts of QA\verification issues the further I delve into the 'feature' set. I do wonder if DV actually undertake any sort of UAT with the more knowledgeable people (like yourself) whose day to day jobs involve utilising their kit.

Might have to go back to looking at Sophos UTM in the interim.

Please Log in or Create an account to join the conversation.

More
05 Apr 2019 07:55 #94339 by ceejay13
Hi,

Vigor 2762 ac
3.9.0 BT

Just to add my voice to this thread.

Just wasted best part of a day trying to get the openVPN connection running, and get the same error. Confirm nothing shows in the logs.

After reading this, I think the best thing, unfortunately, is to go back to my original configuration. More than a little annoying. Features need to be fully functional, or, at least marked as experimental, before being released.

CeeJay

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami