2.3 Server Authentication


    Combined revision comparison

    Comparing version 16:19, 4 Mar 2013 by yagi with version 18:49, 21 Apr 2014 by yamame.


    Version from 16:19, 4 Mar 2013

    This revision modified by yagi

    This section contains a description of the method of authenticating VPN client computers that connect to the SoftEther VPN Server in the previous item 2.2 User Authentication. Server authentication is oppositely the function whereby the VPN Server verifies that the VPN client computer (VPN client or VPN Server / VPN Bridge that conducts cascade connection) that attempts to connect to the SoftEther VPN Server is authentic. Because server authentication is not needed for conventional operation, it is off by default, but can be enabled for each client connection setting or cascade connection setting.

    ...

    This is called direct attack, man in the middle attack or person in the middle attack. Because of the enormous amount of traffic on the backbone of the Internet, realistically speaking, it is difficult to install special software on the backbone to conduct these attacks, but such attacks have succeeded in parts of network branches where throughput is not so high.

    ...

    Server individual certificate authentication is an authentication method whereby the X.509 certificate of the connection destination VPN Server is registered for each connection setting to VPN Server, and connection to the VPN Server continues only when the certificate presented by the VPN Server when connecting perfectly matches the certificate registered in advance. If not, the connection is cut off.

    ...

    Version as of 18:49, 21 Apr 2014

    This revision modified by yamame

    This section contains a description of the method of authenticating VPN client computers that connect to the SoftEther VPN Server in the previous item 2.2 User Authentication. Server authentication is oppositely the function whereby the VPN Server verifies that the VPN client computer (VPN client or VPN Server / VPN Bridge that conducts cascade connection) that attempts to connect to the SoftEther VPN Server is authentic. Normally this function is off by default. Although server authentication is not needed for conventional operation, it can be enabled for each client connection setting or cascade connection setting.

    ...

    This is called "direct attack", "man in the middle attack" or "person in the middle attack". Because of the enormous amount of traffic on the backbone of the Internet, realistically speaking, it is difficult to install special software on the backbone to conduct these attacks, but such attacks have succeeded in parts of network branches where throughput is not so high.

    ...

    Server individual certificate authentication is an authentication method whereby the X.509 certificate of the connection destination VPN Server is registered for each connection setting to VPN Server, and connection to the VPN Server continues only when the certificate presented by the VPN Server when connecting perfectly matches the certificate registered in advance, and if not, the connection will be cut off.

    ...
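
The exact-match check behind server individual certificate authentication, as an added example that is not part of the manual and not SoftEther's own code. It assumes a plain TLS socket stands in for the VPN session; the function and exception names are hypothetical.

```python
import hmac
import socket
import ssl

class ServerCertMismatch(Exception):
    """The server presented a certificate other than the registered one."""

def to_der(cert: bytes) -> bytes:
    """Accept PEM or DER and return DER, so both sides compare as raw bytes."""
    if cert.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    return cert

def matches_registered(presented: bytes, registered: bytes) -> bool:
    """True only when the two certificates are byte-for-byte identical."""
    return hmac.compare_digest(to_der(presented), to_der(registered))

def connect_with_registered_cert(host: str, port: int,
                                 registered: bytes) -> ssl.SSLSocket:
    """Keep the TLS connection only if the server shows the registered cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Trust comes from the exact-match check below, not from a CA chain or
    # the hostname, so the library's own verification is switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    presented = tls.getpeercert(binary_form=True)  # DER bytes, or None
    if presented is None or not matches_registered(presented, registered):
        tls.close()  # cut the connection off before any credentials are sent
        raise ServerCertMismatch(f"{host}:{port} presented an unregistered certificate")
    return tls

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real X.509 certificate.
    registered = bytes(range(48))
    as_pem = ssl.DER_cert_to_PEM_cert(registered).encode("ascii")
    print("same cert, PEM vs DER:", matches_registered(as_pem, registered))
    print("one byte changed:", matches_registered(registered[:-1] + b"\x00", registered))
```

Because the comparison is on the whole certificate, a server that renews its certificate will be rejected until the new one is registered in the connection setting.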