Replies: 10 comments 2 replies
-
With only the smallest effort on your part, you can use TLS-Crypt-V2 right now. And with even less effort than that, you can use: https://github.com/TinCanTech/easy-tls |
Beta Was this translation helpful? Give feedback.
-
what command should i enter? I just don't really understand ? |
Beta Was this translation helpful? Give feedback.
-
If you need help with Easy-TLS then please open an issue here |
Beta Was this translation helpful? Give feedback.
-
Yes, it would be great to support tls-cryptv2 for those of us who do not know much, it does not seem so easy to incorporate it, or at least perhaps a small step-by-step tutorial would be of great help. |
Beta Was this translation helpful? Give feedback.
-
Simple steps: Download https://github.com/TinCanTech/easy-tls/ ... er/easytls Then run: CODE: SELECT ALL ./easytls # Read the instructions ./easytls init-tls # Read the output ./easytls help build-tls-crypt-v2-server # Read the instructions ./easytls build-tls-crypt-v2-server server-name # Read the output ./easytls help build-tls-crypt-v2-client # Read the instructions ./easytls build-tls-crypt-v2-client server-name client-name # Read the output That will create TLS-Crypt-V2 keys. Now you can try: CODE: SELECT ALL ./easytls inline-tls-crypt-v2 server-name ./easytls inline-tls-crypt-v2 client-name ls -l pki/easytls |
Beta Was this translation helpful? Give feedback.
-
I have written a quick start guide for Easy-TLS: Note: Easy-TLS also comes with inter-active menus, which means you don't even need to know the specific commands to use it. The only command required then is |
Beta Was this translation helpful? Give feedback.
-
Thanks. I have followed all of this to update my existing config with tls-crypt v1, my question is: after all this should any change be made in the client part? |
Beta Was this translation helpful? Give feedback.
-
Questions regarding Easy-TLS should go here: I'll add these details here for convenience, regarding the use of TLS-Crypt-V2 keys:
I have added these details to the Easy-TLS Wiki |
Beta Was this translation helpful? Give feedback.
-
I still do not see clearly how I add the file. inline to my client's .ovpn
El lun., 23 ago. 2021 19:09, TinCanTech ***@***.***> escribió:
… Questions regarding Easy-TLS should go here:
https://github.com/TinCanTech/easy-tls/issues
I'll add these details here for convenience, regarding the use of
TLS-Crypt-V2 keys:
- OpenVPN allows the server to use both TLS-Auth or TLS-Crypt and
TLS-Crypt-v2 together.
That means: (TLS-Auth OR TLS-Crypt) AND TLS-Crypt-V2.
- This means that, if you continue to use the original TLS-Auth/Crypt
key in your server config
then the server can support all the original clients and clients which
you migrate to TLS-Crypt-V2,
on one server instance. This helps you migrate your clients to new
keys, if you choose to do so.
- In order to migrate your clients to use TLS-Crypt-V2, simply
generate the required keys.
Use ./easytls build inter-active menu. i. A Server TLS-Crypt-V2 key
ii. multiple client TLS-Crypt-V2 keys.
- Next, generate inlinepackages for your server and clients. Use ./easytls
inline inter-active menu.
- Reference your server inline file in the server config with an
option like so:
config /etc/opevpn/easyrsa/pki/easytls/server.inline - This loads all
the required keys and certificates of your server. Restart your server and
correct any errors.
- With regard to your clients, you must send them their inline
packages over a secure method, eg: scp
Have the clients reference their inline package in the same way as the
server.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#889 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGGSCCWLJMM7AT6Y5REORN3T6J6F7ANCNFSM5CD7N4MA>
.
|
Beta Was this translation helpful? Give feedback.
-
Please open an issue in the correct repository. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Tell me there will be support for tls-crypt-v2 ???
Beta Was this translation helpful? Give feedback.
All reactions