fix: use tls crypt instead of tls auth
BirdDev committed Nov 22, 2022
1 parent c6c7b74 commit 2c43248
Showing 3 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -193,7 +193,7 @@ of a guarantee in the future.
* Proper PKI support integrated into image
* OpenVPN config files, PKI keys and certs are stored on a storage
volume for re-use across containers
* Addition of tls-auth for HMAC security
* Addition of tls-crypt for security & censorship circumvention in some regions

## Originally Tested On

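Review bot: The new README bullet describes the benefit only as "security" and does not tell existing users that this is a breaking change. tls-auth and tls-crypt are not interoperable, so once a server config is regenerated with this commit, every client profile that was exported with tls-auth has to be exported again. Suggest describing the feature as encryption and authentication of the TLS control channel with the shared ta.key, and adding an upgrade note that tls-crypt needs OpenVPN 2.4 or later on both server and clients.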
2 changes: 1 addition & 1 deletion bin/ovpn_genconfig
Expand Up @@ -324,7 +324,7 @@ key $EASYRSA_PKI/private/${OVPN_CN}.key
ca $EASYRSA_PKI/ca.crt
cert $EASYRSA_PKI/issued/${OVPN_CN}.crt
dh $EASYRSA_PKI/dh.pem
tls-auth $EASYRSA_PKI/ta.key
tls-crypt $EASYRSA_PKI/ta.key
key-direction 0
keepalive $OVPN_KEEPALIVE
persist-key
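Review bot: The `key-direction 0` line directly after the changed directive is left over from tls-auth and should be removed in the same commit. tls-crypt does not take a key direction, so with `tls-crypt $EASYRSA_PKI/ta.key` in place that line no longer configures anything and misleads anyone reading the generated server config. It is also worth noting in the commit message that only newly generated configs change; servers with an existing openvpn.conf keep tls-auth until ovpn_genconfig is run again.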
6 changes: 3 additions & 3 deletions bin/ovpn_getclient
Expand Up @@ -59,16 +59,16 @@ $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt)
$(cat $EASYRSA_PKI/ca.crt)
</ca>
key-direction 1
<tls-auth>
<tls-crypt>
$(cat $EASYRSA_PKI/ta.key)
</tls-auth>
</tls-crypt>
"
elif [ "$mode" == "separated" ]; then
echo "
key ${cn}.key
ca ca.crt
cert ${cn}.crt
tls-auth ta.key 1
tls-crypt ta.key 1
"
fi

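Review bot: In the separated branch, `tls-crypt ta.key 1` carries over the direction argument that belonged to tls-auth. tls-crypt is documented as taking only the key file, so the line should read `tls-crypt ta.key`. The same applies to the `key-direction 1` line kept above the inline `<tls-crypt>` block in the combined branch: it is a tls-auth setting and can be dropped so the client profile matches the server side.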