My question is about how an SSL VPN connection such as OpenVPN is protected against MITM/Spoofing attacks on a public Wifi.
For example, if somebody has a 'pineapple' or router setup as a honeypot gateway acting as a proxy does the act of authentication between the client and OpenVPN server protect it from spoofing or MITM. Does the initial authentication using TLS and the exchange of server public key (certificate) and comparison between that and the CA certificate already stored on the clients device identify whether the OpenVPN server is who it actually says it is?
If I have got that wrong can somebody explain the process and if it is correct is there any other point along the handshake that is susceptible to MITM attacks?
Thank you all