VPN - OpenVPN certificate question


Author OpenVPN certificate question
David Goodenough

2006-05-04, 1:11 am

The situation I have is one of complete control of both the server and
the one client that will connect to it. It's what I know as a
"road-warrior" setup: I have my notebook connected to my LAN while I'm
at home, I'd like to be able to connect to the LAN when I'm out on the
road. Both systems are running Windows XP SP2, if it makes a
difference.

I drilled exactly one hole in my firewall: port 1999, and I've got
openvpn set up so that laptop connects to server using tcp port 1999.
That's all working just fine. 1999 was selected somewhat arbitrarily,
and can easily be changed if there's a good reason to do so.

My limited understanding is that I can guarantee (*) the integrity of
my connection if both ends verify that the certificate presented by
the other end is signed by the same CA as generated the ca.crt. What
does it take to ensure that OpenVPN will reject a connection with an
inappropriate certificate, i.e. one that does not bear the signature
of my CA? Or is there a better test?

(*) guarantee extends as far as can reasonably be expected. The NSA
can probably break in if they really wanted to, but some skript kiddie
two blocks from my house is pretty much out of luck.

Thanks in advance for any help.
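
The check the post asks about, accepting a peer certificate only if it chains to the CA in ca.crt (which OpenVPN in TLS mode performs against the file named by its `ca` option), can be tried by hand with the openssl command line. This is an added example, not part of the original post; the CA names, peer names and temporary paths are constructed for the demonstration.

```shell
# Constructed demo: CA names, peer names and paths are made up for illustration.

# make_ca DIR CN: create a self-signed CA (ca.key, ca.crt) in DIR.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CADIR NAME: create NAME.key and NAME.crt, signed by the CA in CADIR.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# signed_by CACERT CERT: succeed only if CERT verifies against CACERT.
# The "OK" line is matched because old openssl builds exit 0 even on failure.
signed_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: one certificate from "my" CA, one from an unrelated CA, both checked
# against my ca.crt only.
demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work/mine" "My-VPN-CA" && make_ca "$work/other" "Some-Other-CA" &&
    issue_cert "$work/mine" laptop && issue_cert "$work/other" stranger || return 1
    signed_by "$work/mine/ca.crt" "$work/mine/laptop.crt" && echo "laptop: accepted"
    signed_by "$work/mine/ca.crt" "$work/other/stranger.crt" || echo "stranger: rejected"
    rm -rf "$work"
}

demo
```

Because the check accepts any certificate that CA has signed, the protection rests on keeping ca.key private.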

Copyright 2003 - 2008 webservertalk.com