diff options
author | Steffan Karger <steffan.karger@fox-it.com> | 2015-02-22 15:11:08 +0100 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2015-02-22 17:19:23 +0100 |
commit | 513eef4884c9be1fd31ba676dfe34d91a4ce6141 (patch) | |
tree | d5b08e43155abf20c15c8bb242e38cba17f30b08 | |
parent | 0b1a68fffa33e175c320c2828604cdc7dfb097e7 (diff) | |
download | openvpn-513eef4884c9be1fd31ba676dfe34d91a4ce6141.tar.gz openvpn-513eef4884c9be1fd31ba676dfe34d91a4ce6141.tar.xz openvpn-513eef4884c9be1fd31ba676dfe34d91a4ce6141.zip |
Use tls-auth in sample config files
For two reasons:
1) May motivate people to use tls-auth in their setups
2) Verify tls-auth functionality when running 'make check'
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1424614268-5078-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9467
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | sample/sample-config-files/client.conf | 2 | ||||
-rw-r--r-- | sample/sample-config-files/loopback-client | 1 | ||||
-rw-r--r-- | sample/sample-config-files/loopback-server | 1 | ||||
-rw-r--r-- | sample/sample-config-files/server.conf | 2 | ||||
-rwxr-xr-x | sample/sample-keys/gen-sample-keys.sh | 3 | ||||
-rw-r--r-- | sample/sample-keys/ta.key | 21 |
6 files changed, 28 insertions, 2 deletions
diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf index 050ef60..fedcbd6 100644 --- a/sample/sample-config-files/client.conf +++ b/sample/sample-config-files/client.conf @@ -105,7 +105,7 @@ remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. -;tls-auth ta.key 1 +tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server diff --git a/sample/sample-config-files/loopback-client b/sample/sample-config-files/loopback-client index ebbd1cf..7117307 100644 --- a/sample/sample-config-files/loopback-client +++ b/sample/sample-config-files/loopback-client @@ -21,5 +21,6 @@ remote-cert-tls server ca sample-keys/ca.crt key sample-keys/client.key cert sample-keys/client.crt +tls-auth sample-keys/ta.key 1 ping 1 inactive 120 10000000 diff --git a/sample/sample-config-files/loopback-server b/sample/sample-config-files/loopback-server index 8cb97be..8e1f39c 100644 --- a/sample/sample-config-files/loopback-server +++ b/sample/sample-config-files/loopback-server @@ -21,5 +21,6 @@ dh sample-keys/dh2048.pem ca sample-keys/ca.crt key sample-keys/server.key cert sample-keys/server.crt +tls-auth sample-keys/ta.key 0 ping 1 inactive 120 10000000 diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf index 701be3c..c85ca0f 100644 --- a/sample/sample-config-files/server.conf +++ b/sample/sample-config-files/server.conf @@ -241,7 +241,7 @@ keepalive 10 120 # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. -;tls-auth ta.key 0 # This file is secret +tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh index 414687e..725cfc9 100755 --- a/sample/sample-keys/gen-sample-keys.sh +++ b/sample/sample-keys/gen-sample-keys.sh @@ -14,6 +14,9 @@ then exit 1 fi +# Generate static key for tls-auth (or static key mode) +$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key + # Create required directories and files mkdir -p sample-ca rm -f sample-ca/index.txt diff --git a/sample/sample-keys/ta.key b/sample/sample-keys/ta.key new file mode 100644 index 0000000..1669036 --- /dev/null +++ b/sample/sample-keys/ta.key @@ -0,0 +1,21 @@ +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +a863b1cbdb911ff4ef3360ce135157e7 +241a465f5045f51cf9a92ebc24da34fd +5fc48456778c977e374d55a8a7298aef +40d0ab0c60b5e09838510526b73473a0 +8da46a8c352572dd86d4a871700a915b +6aaa58a9dac560db2dfdd7ef15a202e1 +fca6913d7ee79c678c5798fbf7bd920c +caa7a64720908da7254598b052d07f55 +5e31dc5721932cffbdd8965d04107415 +46c86823da18b66aab347e4522cc05ff +634968889209c96b1024909cd4ce574c +f829aa9c17d5df4a66043182ee23635d +8cabf5a7ba02345ad94a3aa25a63d55c +e13f4ad235a0825e3fe17f9419baff1c +e73ad1dd652f1e48c7102fe8ee181e54 +10a160ae255f63fd01db1f29e6efcb8e +-----END OpenVPN Static key V1----- |