change tls-crypt to tls-auth

Posted: Thu Jan 30, 2020 6:10 pm
by khashayar-kz
Hi, I'm developing an Android app and my problem is that my API doesn't support tls-crypt, and I have to change from tls-crypt to tls-auth.
You would be helping me a lot if you showed me which lines I have to change.

So this is my server.conf:

Code:

dev tun
proto udp
port ****
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/pihole-dns_8e4cfd91-22bb-43cd-883a-2b8b8f5af0ed.crt
key /etc/openvpn/easy-rsa/pki/private/pihole-dns_8e4cfd91-22bb-43cd-883a-2b8b8f5af0ed.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 10.8.0.1"
push "block-outside-dns"
push "route ******"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
client-to-client
keepalive 15 120
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

My client ovpn:

Code:

client
dev tun
proto udp
remote *******
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name pihole-dns_8e4cfd91-22bb-43cd-883a-2b8b8f5af0ed name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
********
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
********
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
********
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*******
-----END OpenVPN Static key V1-----
</tls-crypt>


Re: change tls-crypt to tls-auth

Posted: Fri Jan 31, 2020 1:48 am
by TinCanTech
I think there is a vi script on Google.

Re: change tls-crypt to tls-auth

Posted: Mon Feb 03, 2020 2:32 pm
by 300000
If you want to change it, just do it like this.

On your server config:

Code:

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*******
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 0

On the client config, change it to:

Code:

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*******
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

Make sure to add key-direction, as it needs that to work.
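
The edit described in this thread, as an added example (not code from any poster or from the OpenVPN project): a small Python helper that rewrites a single tls-crypt directive, in either the inline or the file form, as tls-auth with the key direction used in the reply above. The function name `to_tls_auth` and the sample configs are constructed for illustration.

```python
import re

# Inline form used in the client profile: <tls-crypt> ... </tls-crypt>
INLINE = re.compile(r"<tls-crypt>(.*?)</tls-crypt>", re.S)
# File form used in server.conf: tls-crypt /path/to/ta.key
FILE_FORM = re.compile(r"^([ \t]*)tls-crypt[ \t]+(\S+)[ \t]*$", re.M)
# Anything that would conflict with the directives we are about to add
CONFLICT = re.compile(r"^[ \t]*(tls-auth\b|<tls-auth>|key-direction\b)", re.M)


def to_tls_auth(config: str, direction: int) -> str:
    """Rewrite the single tls-crypt directive in `config` as tls-auth.

    direction is 0 on the server and 1 on the client, as in the reply above.
    The static key itself is left untouched.
    """
    if direction not in (0, 1):
        raise ValueError("direction must be 0 (server) or 1 (client)")
    if CONFLICT.search(config):
        raise ValueError("config already contains tls-auth or key-direction")
    hits = len(INLINE.findall(config)) + len(FILE_FORM.findall(config))
    if hits != 1:
        raise ValueError(f"expected exactly one tls-crypt directive, found {hits}")
    # Inline block: rename both tags and add key-direction after the block.
    config = INLINE.sub(
        lambda m: f"<tls-auth>{m.group(1)}</tls-auth>\nkey-direction {direction}",
        config)
    # File form: tls-auth takes the direction as a second argument.
    return FILE_FORM.sub(
        lambda m: f"{m.group(1)}tls-auth {m.group(2)} {direction}", config)


# Constructed sample input, cut down from the configs in the question.
SERVER = "dev tun\ntls-crypt /etc/openvpn/easy-rsa/pki/ta.key\ncipher AES-256-CBC\n"
CLIENT = ("client\n<tls-crypt>\n-----BEGIN OpenVPN Static key V1-----\n"
          "(placeholder key material)\n-----END OpenVPN Static key V1-----\n"
          "</tls-crypt>\n")

if __name__ == "__main__":
    print(to_tls_auth(SERVER, 0))
    print(to_tls_auth(CLIENT, 1))
```

Server and client have to be switched together, since a tls-crypt peer and a tls-auth peer will not complete a handshake. tls-auth only authenticates control-channel packets with an HMAC, whereas tls-crypt also encrypts them, so this change gives up that encryption.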