Does anybody know how VPN client verifies the server to be the one it
should be? Is it possible to enforce client to verify certificates provided
by the server to be trusted before proceding with nmas authentication?

As I found in documentation when Certificate method is used we can provide
Trusted Root certificate (as I understand for verification purpose). But
first of all it's optional... and what about NMAS? How does client trust

Alexi Volkov