I'm trying to make an openvpn profile to connect to palo alto vpn. I know they have globalprotect for client side to connect, but it requires license. Plus, it is my understanding that openvpn clientside should be able to connect to it, so I haven been playing with a new configuration profile for macOS and ios, and so far, no luck to get connected.
here is the configuration i have for now
dev tun
proto tcp-client
remote xxxx.org 443
resolv-retry infinite
client
auth-user-pass
verify-client-cert optional
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
route 10.0.80.177/32
and I keep getting error
Options error: --client-cert-not-required and --verify-client-cert require --mode server
I googled around but didnt find anything useful.
does anyone know how to fix this?
note: as testing, client certificate is set to optional or none and TLS 1.2 is mostly used for encryption, authentication is done by username and password
Best Answer
ok, kinda figured out, --verify-client-cert
it's actually for setting up server side profile. it's confusing though