Common name


It appears someone is performing a MITM with my VPN connection. I recently had strange things happen to me; for example, I ordered something but the address ended up wrong, although I checked twice to make sure. I have also been getting redirects.
It appears that if there isn't a common name check with OpenVPN, a MITM can be performed.

"Someone else can't just copy your certificate and use it because they don't have your private key.

If you don't check that the certificate's CN doesn't match the domain name then they can simply create their own certificate (and have it signed by a trusted CA so it looks valid), use it in place of yours, and perform a man in the middle attack.

Also, you need to be checking that the certificate comes from a trusted CA. It's the CA's job to make sure that you can only get a certificate with the CN= if you actually control that domain.

If you skip either of these checks then you are at risk of a MITM attack.

See also this answer for a different approach that will work if you have sufficient control over the client."
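
An added example, not part of the original post: a small Python audit of an OpenVPN client config for the two checks the quoted answer names, a trusted CA (`ca`) and a server-name check (`verify-x509-name`). The sample configs, the host name `vpn.example.com` and the finding codes are constructed for illustration.

```python
import shlex

# Constructed sample client configs (not taken from the post).
WEAK_CONFIG = """\
client
remote vpn.example.com 1194 udp
ca ca.crt
cert client.crt
key client.key
"""
# Same config with the server-name check added.
HARDENED_CONFIG = WEAK_CONFIG + "verify-x509-name vpn.example.com name\n"

def parse_directives(text):
    """Map each directive to its argument lists; inline <x>...</x> blocks count as x."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                  # skip the body of an inline block
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            directives.setdefault(block, []).append(["[inline]"])
            continue
        parts = shlex.split(line, comments=True)   # handles quoted subject DNs
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives

def audit(text):
    """Return finding codes for missing or weak server-identity checks."""
    d = parse_directives(text)
    findings = []
    if "ca" not in d:
        findings.append("no-ca")          # no CA configured as the trust anchor
    checks = d.get("verify-x509-name", [])
    if not checks:
        findings.append("no-name-check")  # any certificate from that CA passes
    for args in checks:
        kind = args[1] if len(args) > 1 else "subject"  # OpenVPN's default type
        if kind == "name-prefix":
            findings.append("prefix-match")  # matches any CN starting with the value
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```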