Page 1 of 1
Easy-TLS a.k.a. easytls
Posted: Sun Mar 28, 2021 3:38 am
by TinCanTech
Welcome to Easy-TLS for OpenVPN
Where to find Easy-TLS:
https://github.com/TinCanTech/easy-tls
Howto install Easy-TLS:
Copy this file to your Easy-RSA3 working directory.
https://github.com/TinCanTech/easy-tls/ ... er/easytls
Howto use Easy-TLS:
- *nix:
- ./easytls init-tls
- ./easytls build
- ./easytls inline
- ./easytls remove
- Windows:
- Start the Easy-RSA Shell by opening EasyRSA-Start.bat
- And do as for *nix above.
- And walk through the inter-active menus.
Easy-TLS also includes server-side scripts and an inter-active menu to configure that as well.
If you have any questions then please ask.
Re: Easy-TLS a.k.a. easytls
Posted: Fri Feb 25, 2022 4:51 am
by stevekhoa
I git this ussue
# ./easytls init-tls
Missing: C:/Progra~1/Openvpn/bin/.exe
Missing: C:/Progra~1/Openvpn/bin/.exe
Re: Easy-TLS a.k.a. easytls
Posted: Fri Feb 25, 2022 4:39 pm
by TinCanTech
I have committed ecfc8ea5e8ca999c910f78225e2a5ddd5601e705, which should fix that.
Re: Easy-TLS a.k.a. easytls
Posted: Mon Oct 17, 2022 1:23 pm
by heavenlyhost
I think this is a tremendously useful tool. However, I have not been able to create a server specific client key with it. What I mean is that it is possible to create multiple server keys but when it comes to generating client keys, for example, Client1 which has a key generated for Server A which work only for server A. If I attempt to create a key for Client1 for use on Server B it throws an error because the filename already exist. The issue is that keys generated for Server A are not compatible with Server B. I am not sure why this is so but creating a secondary Easy-Rsa CA solves the issue for me. CA's for each server is not practical. If I am missing something please let me know what it is. I also get errors using ./easytls remove.
Re: Easy-TLS a.k.a. easytls
Posted: Mon Oct 17, 2022 2:00 pm
by TinCanTech
If you are using a --
tls-crypt-v2 server key then you can use that on many servers, not just a single server.
If you have a github account then you can post issues here:
https://github.com/TinCanTech/easy-tls/issues
Re: Easy-TLS a.k.a. easytls
Posted: Fri Jul 21, 2023 2:02 am
by Alex33
EasyRSA Shell
# ./easytls init-tls
Missing: c:/Progra~1/Openvpn/easy-rsa/bin
Missing: c:/Progra~1/Openvpn/easy-rsa/bin
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/cat.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/date.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/grep.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/ls.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/mv.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/sed.exe
Missing: c:/Progra~1/Openvpn/easy-rsa/bin/printf.exe
Windows file setup error!
Everything is in "OpenVPN" sub-folder. I don't have "Openvpn"
Also, i am using EasyRSA-3.1.5, in "EasyRSA-3.1.5" sub-folder, not "easy-rsa" as outputted.
I copied "easylts" file (255KB) to ~/OpenVPN/EasyRSA-3.1.5 were "easyrsa" file is located.
Interestingly, all those missing *.exe file are located in ~/OpenVPN/EasyRSA-3.1.5/bin
SOLVED:
Just edit "easytls" file
Re: Easy-TLS a.k.a. easytls
Posted: Mon Jan 06, 2025 10:36 pm
by Helix751
After an extensive trial-and-error process I can confirm (at last!) Easy-TLS v2.7.0 isn't compatible with OpenSSL versions above 3.0. It doesn't work with v3.2, 3.3 or 3.4 and exits with error.
Also, I found Easy-TLS doesn't like DLL-dependency compiled OpenSSL binaries. OpenSSL binaries compiled without dependencies do indeed work (up to OpenSSL v3.0.15).
Got the binaries from here:
https://kb.firedaemon.com/support/solut ... 4000121705
Re: Easy-TLS a.k.a. easytls
Posted: Mon Jan 06, 2025 11:04 pm
by Helix751
Alex33 wrote: ↑Fri Jul 21, 2023 2:02 am
SOLVED:
Just edit "easytls" file
Imho this shouldn't be necessary. A "user-config" file would be much better.
I opted to symlink the strictly required openssl files (openssl.exe, libssl-3-x64.dll, libcrypto-3-x64.dll) to the required folders, namely 'c:\program files\openvpn\bin' and 'c:\easy-rsa'