DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Open VPN "No server certificate verification
- drgr33n
- Offline
- New Member
Less
More
- Posts: 4
- Thank you received: 0
25 Mar 2019 14:40 #94286
by drgr33n
Replied by drgr33n on topic Re: Open VPN "No server certificate verification
No problem Tularis,
I'm not aware of a way to suppress this warning client side. Draytek should really support the usage of tls-auth and make it part of the default setup. This is a warning though and not an error so it won't affect the connection. If you're failing to get a connection, it's probably not due to this warning. I've also noticed the guide makes you setup 256bit keys then tells you to set up the router to use 128bit keys. This causes an SSL mismatch and the connection craps out. Like I said IMHO it's not production ready atm or even fit for purpose and should be offered as an experimental feature.
Hope this helps.
I'm not aware of a way to suppress this warning client side. Draytek should really support the usage of tls-auth and make it part of the default setup. This is a warning though and not an error so it won't affect the connection. If you're failing to get a connection, it's probably not due to this warning. I've also noticed the guide makes you setup 256bit keys then tells you to set up the router to use 128bit keys. This causes an SSL mismatch and the connection craps out. Like I said IMHO it's not production ready atm or even fit for purpose and should be offered as an experimental feature.
Hope this helps.
Please Log in or Create an account to join the conversation.
- fishenchips
- Offline
- Junior Member
Less
More
- Posts: 11
- Thank you received: 0
26 Mar 2019 16:20 #94299
by fishenchips
Replied by fishenchips on topic Re: Open VPN "No server certificate verification
Hi drgr33n.Thanks for your informative post. Yeah, I get signing the both the server AND client cert with the root ca ticket if the server isn't a sub-ca to the root ca with the client cert at the bottom of the chain. Which is presumably why tagging the client cert as an endpoint also doesn't help (as the server hasn't signed the client cert) ?
I'm no expert (obviously) but am spotting all sorts of QA\verification issues the further I delve into the 'feature' set. I do wonder if DV actually undertake any sort of UAT with the more knowledgeable people (like yourself) whose day to day jobs involve utilising their kit.
Might have to go back to looking at Sophos UTM in the interim.
I'm no expert (obviously) but am spotting all sorts of QA\verification issues the further I delve into the 'feature' set. I do wonder if DV actually undertake any sort of UAT with the more knowledgeable people (like yourself) whose day to day jobs involve utilising their kit.
Might have to go back to looking at Sophos UTM in the interim.
Please Log in or Create an account to join the conversation.
- ceejay13
- Offline
- New Member
Less
More
- Posts: 7
- Thank you received: 0
05 Apr 2019 07:55 #94339
by ceejay13
CeeJay
Replied by ceejay13 on topic Re: Open VPN "No server certificate verification
Hi,
Vigor 2762 ac
3.9.0 BT
Just to add my voice to this thread.
Just wasted best part of a day trying to get the openVPN connection running, and get the same error. Confirm nothing shows in the logs.
After reading this, I think the best thing, unfortunately, is to go back to my original configuration. More than a little annoying. Features need to be fully functional, or, at least marked as experimental, before being released.
Vigor 2762 ac
3.9.0 BT
Just to add my voice to this thread.
Just wasted best part of a day trying to get the openVPN connection running, and get the same error. Confirm nothing shows in the logs.
After reading this, I think the best thing, unfortunately, is to go back to my original configuration. More than a little annoying. Features need to be fully functional, or, at least marked as experimental, before being released.
CeeJay
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek