tls-auth works with broken key


Post by gunner47300 » Mon Sep 27, 2021 1:39 pm

Hi, I have created an OpenVPN server with the following config:

mode server

askpass /etc/openvpn/dane

cipher AES-256-GCM
sndbuf 512000
rcvbuf 512000
txqueuelen 2000
push "sndbuf 512000"
push "rcvbuf 512000"

port 111
proto udp4
dev tun1
client-config-dir 	/etc/openvpn/server/clients_openvpn
ca			/etc/openvpn/server/ca.crt
cert			/etc/openvpn/server/server.crt
key			/etc/openvpn/server/server.key
dh			/etc/openvpn/server/dh.pem


tls-server
tls-auth /etc/openvpn/server/myvpn.tlsauth
key-direction 0

topology subnet
push "topology subnet"
ifconfig 192.168.98.1 255.255.255.0
push "route 192.168.99.0 255.255.255.0"
push "route-gateway 192.168.98.1"
ifconfig-pool 192.168.98.130 192.168.98.199

keepalive 10 120

user nobody
group nogroup

persist-key
persist-tun

status /tmp/openvpn-status.log

verb 3

log-append /tmp/openvpn.log

client config:

client
remote xxx 111
proto udp4
dev tun
verb 3
keepalive 10 120
key-direction 1
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

It works fine; the problem is that if I change the content of <tls-auth> on the client side, for example change the last letter, the connection still works. Even if I change a whole line I can connect to the VPN and SSH via this connection. Am I missing something? I thought that those keys must match, and even a small change should break the connection.

Post by TinCanTech » Mon Sep 27, 2021 2:27 pm

gunner47300 wrote: Mon Sep 27, 2021 1:39 pm
the problem is that if I change content of <tls-auth> on the client side, for example change last letter connection still works

Not all the characters in the file are used, so this is expected.


Post by gunner47300 » Mon Sep 27, 2021 5:06 pm

Is a random part used, or is there some pattern?
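The pattern asked about above, as an added example that is not part of the thread or of OpenVPN's own code: it maps which bytes of a static key file tls-auth reads for each `key-direction`. It assumes OpenVPN's static key layout of four 64-byte slots (key 0 cipher, key 0 HMAC, key 1 cipher, key 1 HMAC) and the default `auth SHA1` (20-byte HMAC key), which the posted config does not override; the function names and the sample key are constructed for illustration.

```python
"""Which bytes of an OpenVPN static key file does tls-auth use? (added example)"""
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
SLOT = 64  # assumed layout: key0.cipher | key0.hmac | key1.cipher | key1.hmac


def parse_static_key(text):
    """Return the 256 raw key bytes between the BEGIN/END markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    raw = bytes.fromhex("".join(lines[lines.index(BEGIN) + 1:lines.index(END)]))
    if len(raw) != 4 * SLOT:
        raise ValueError(f"expected {4 * SLOT} key bytes, got {len(raw)}")
    return raw


def tls_auth_ranges(key_direction=None, digest_len=20):
    """Byte ranges used as HMAC keys; digest_len=20 assumes the default auth SHA1."""
    hmac0, hmac1 = SLOT, 3 * SLOT
    if key_direction is None:      # no key-direction: key 0 in both directions
        send, recv = hmac0, hmac0
    elif key_direction == 0:
        send, recv = hmac0, hmac1
    else:                          # key-direction 1 (the client in this thread)
        send, recv = hmac1, hmac0
    return {"send": range(send, send + digest_len),
            "recv": range(recv, recv + digest_len)}


def change_is_detected(original, modified, key_direction=None, digest_len=20):
    """True if the two key files differ in a byte that tls-auth actually uses."""
    a, b = parse_static_key(original), parse_static_key(modified)
    used = tls_auth_ranges(key_direction, digest_len)
    return any(a[i] != b[i] for r in used.values() for i in r)


def make_sample_key():
    """Constructed key (bytes 0x00..0xff), not a real secret."""
    hexed = bytes(range(256)).hex()
    body = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return "\n".join([BEGIN, *body, END]) + "\n"


if __name__ == "__main__":
    key = make_sample_key().splitlines()
    last_char = key[:16] + [key[16][:-1] + "0"] + key[17:]   # edit final hex digit
    line_5 = key[:5] + ["00" * 16] + key[6:]                 # overwrite bytes 64..79
    for name, mod in (("last character", last_char), ("line 5", line_5)):
        hit = change_is_detected("\n".join(key), "\n".join(mod), key_direction=1)
        print(f"{name}: {'handshake should fail' if hit else 'unused bytes, still works'}")
```

Under these assumptions only 40 of the 256 bytes matter for tls-auth, so a test that the key is really enforced has to alter a byte inside one of the reported ranges.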


Post by Pippin » Mon Sep 27, 2021 6:55 pm

