|
|
> > Are you specifying Verisign's certificate chain in > the "ca" option? > > OpenVPN is not hardcoded (unlike web browsers) with > any public CA root > certificates, so make sure you specify them. > > James > > Well, I specified ca certificate, otherwise I would not be able even to come to the point where tls_verify is invoked. According to man pages, tls_verify is the last step of authentication, after all other checks pass succesfuly. If you want, I can generate for you one certificate, private key and send together with CA certificate, so you can check it yourself. Vladimir P.S. TCP server mode is great! If we solve this small problem here, and other one I described in post about "tls_verify problem", it can easily happen that in few months I report you how server mode works with 100+ clients :) __________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail |