The client config contains the remote-cert-tls option to check for appropriate key usage, let's do this for the server config too.

2024-12-18 19:00:15 +00:00 · 2017-09-22 03:30:14 -05:00 · 2017-09-22 03:30:14 -05:00 · a6058a1d14
commit a6058a1d14
parent d1652a03b1
1 changed files with 1 additions and 0 deletions
--- a/server_config.txt
+++ b/server_config.txt
@ -25,6 +25,7 @@ push "redirect-gateway def1"
 client-to-client
 duplicate-cn
 keepalive 10 120
+remote-cert-tls client
 tls-version-min 1.2
 tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
 cipher AES-256-CBC