Red Hat Bugzilla – Bug 487124
No server certificate verification method has been enabled
Last modified: 2010-03-19 03:28:01 EDT
NetworkManager-openvpn does not check the server certificate. It is not possible to configure NetworkManager-openvpn to do so.
To reproduce, you have to connect via NetworkManager-openvpn to a VPN with certificates authorization. You will find the following information in /var/log/messages:
nm-openvpn: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Easiest fix should be using the option "remote-cert-tls server" when starting openvpn. See the link above for more info.
The risk of this issue is that a compromised client with a CA-signed certificate can fake being the server and do a MITM attack against other clients.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here:
The latest version of NetworkManager-openvpn has support for tls-remote.
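The check discussed in this report can be audited on the client side; the following is an added example, not code from the bug report or from NetworkManager-openvpn, that scans an OpenVPN client config for a directive that verifies the peer is a server. It assumes the config is available as text and covers the options named in this report plus other standard OpenVPN options for the same purpose (ns-cert-type, remote-cert-eku, tls-verify, and verify-x509-name, the successor to tls-remote in later OpenVPN releases); the sample configs are constructed.

```python
import re

# Constructed sample configs (not from the bug report).
WEAK = """client
remote vpn.example.com 1194
ca ca.crt
cert client.crt
key client.key
;remote-cert-tls server
ns-cert-type client
"""
FIXED = WEAK + "remote-cert-tls server\n"

SERVER_EKU = ("TLS Web Server Authentication", "1.3.6.1.5.5.7.3.1")
# Directive -> predicate over its arguments: does it check the peer is a server?
CHECKS = {
    "remote-cert-tls": lambda a: a[:1] == ["server"],
    "ns-cert-type": lambda a: a[:1] == ["server"],
    "remote-cert-eku": lambda a: any(s in " ".join(a) for s in SERVER_EKU),
    "tls-remote": lambda a: bool(a),
    "verify-x509-name": lambda a: bool(a),
    "tls-verify": lambda a: bool(a),
}

def directives(text):
    """Yield (name, args), skipping comments and inline <ca>...</ca> style blocks."""
    block = None
    for line in map(str.strip, text.splitlines()):
        if block:
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            block = m.group(1)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            yield name, args

def audit(text):
    """Return (is_tls_client, [verification directives in effect])."""
    found, is_client = [], False
    for name, args in directives(text):
        if name in ("client", "tls-client"):
            is_client = True
        elif name in CHECKS and CHECKS[name](args):
            found.append(name)
    return is_client, found

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        client, found = audit(cfg)
        print(label, "OK" if found or not client else "NO server cert check", found)
```

A client config for which `audit` returns an empty list has none of these methods set, which is the condition the logged warning describes.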