No server certificate verification method has been enabled

Got a problem with Viscosity or need help? Ask here!

HarvMan

Posts: 3
Joined: Mon Jan 23, 2012 12:28 am

Post by HarvMan » Mon Jan 23, 2012 12:58 am
Using Viscosity 1.3.5 (1120) to connect to OpenVPN 2.2.2 on a Synology DS712+ NAS.

Able to connect to VPN for file access and web browsing, no problems at all. However, the OpenVPN log shows "WARNING: No server certificate verification method has been enabled."

Also, how do I resolve subnet issue: "WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]"

(OpenVPN log - IP's etc removed)
Code: Select all
Jan 21 17:28:59: Viscosity 1.3.5 (1120)
Jan 21 17:28:59: Checking reachability status of connection...
Jan 21 17:29:01: Connection is reachable. Starting connection attempt.
Jan 21 17:29:02: OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Jan  4 2012
Jan 21 17:29:28: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jan 21 17:29:28: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 21 17:29:28: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 21 17:29:29: LZO compression initialized
Jan 21 17:29:29: UDPv4 link local (bound): [undef]:1194
Jan 21 17:29:29: UDPv4 link remote: xx.xx.xx.xx:1194
Jan 21 17:29:29: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 21 17:29:29: [Snake_Oil_CA] Peer Connection Initiated with xx.xx.xx.xx:1194
Jan 21 17:29:31: TAP-WIN32 device [xxxxxxxxxx] opened: \\.\Global\{65963BF4-6A50-45C7-A0E2-510CCDAB42D1}.tap
Jan 21 17:29:31: Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {65963BF4-6A50-45C7-A0E2-510CCDAB42D1} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Jan 21 17:29:31: Successful ARP Flush on interface [65541] {65963BF4-6A50-45C7-A0E2-510CCDAB42D1}
Jan 21 17:29:36: WARNING: potential route subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]

James

User avatar
Posts: 1890
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Jan 25, 2012 4:01 pm
Hi HarvMan,

It's typically safe to ignore the "WARNING: No server certificate verification method has been enabled" message. It means you don't have the "Require Server nsCertType" option turned on (under the Options tab when editing your connection). You can try turning it on, however the OpenVPN server must have been configured correctly for it to work.

As for the subnet conflict, please see the following support article. While it was originally written for the Mac version, it also applies for Windows users: http://www.thesparklabs.com/support/los ... tivity_on/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1