tls-auth works with broken key
Posted: Mon Sep 27, 2021 1:39 pm
Hi, I have created an OpenVPN server with the following config (server config first, then the client config):
It works fine; the problem is that if I change the content of <tls-auth> on the client side, for example change the last letter, the connection still works. Even if I change a whole line I can connect to the VPN and SSH via this connection. Do I miss something? I thought that those keys must match, and that even a small change should break the connection.
Server config:
mode server
askpass /etc/openvpn/dane
cipher AES-256-GCM
sndbuf 512000
rcvbuf 512000
txqueuelen 2000
push "sndbuf 512000"
push "rcvbuf 512000"
port 111
proto udp4
dev tun1
client-config-dir /etc/openvpn/server/clients_openvpn
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
tls-server
# tls-auth: every control-channel packet carries an HMAC keyed from this
# static key. With key-direction 0 the server signs with one half of the key
# and verifies with the other, so the client must use key-direction 1.
# There is no "auth" line, so the HMAC digest is the default SHA1.
tls-auth /etc/openvpn/server/myvpn.tlsauth
key-direction 0
topology subnet
push "topology subnet"
ifconfig 192.168.98.1 255.255.255.0
push "route 192.168.99.0 255.255.255.0"
push "route-gateway 192.168.98.1"
ifconfig-pool 192.168.98.130 192.168.98.199
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status /tmp/openvpn-status.log
verb 3
log-append /tmp/openvpn.log
Client config:
client
remote xxx 111
proto udp4
dev tun
verb 3
keepalive 10 120
# Mirror of the server's key-direction 0: the client signs with the key half
# the server verifies with, and vice versa.
key-direction 1
# Inline certificate and key material was removed from the post.
<ca>
</ca>
<cert>
</cert>
<key>
</key>
# Same static key as the server's myvpn.tlsauth, pasted inline.
<tls-auth>
</tls-auth>
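The behaviour described in the post follows from how much of the static key tls-auth actually reads, and the added example below (my code, not the poster's and not OpenVPN's) makes that visible. The "OpenVPN Static key V1" body is 256 bytes laid out as keys[0].cipher (64) | keys[0].hmac (64) | keys[1].cipher (64) | keys[1].hmac (64), written as 16 lines of 32 hex digits. tls-auth ignores the cipher halves and uses only the first digest-size bytes of each hmac half, which is 20 bytes with the default `auth SHA1`; key-direction 0 signs with keys[0] and verifies with keys[1], key-direction 1 the reverse. So only lines 5, 6, 13 and 14 of the file (and only part of 6 and 14) can break the connection; the last line, and most others, are never looked at. The key file, the packet and the edits are all constructed here, and the MAC over an opaque packet is a simplified stand-in for OpenVPN's control-channel HMAC (which also covers packet-id, timestamp and opcode); the key selection and file offsets are what the example demonstrates.

```python
"""Added example, not code from the forum post or from OpenVPN: which bytes of
an OpenVPN static key file tls-auth actually consumes.

Relies on the layout in OpenVPN's crypto.c/crypto.h: the "OpenVPN Static key
V1" body is 256 bytes = keys[0].cipher[64] | keys[0].hmac[64] |
keys[1].cipher[64] | keys[1].hmac[64]. tls-auth ignores the cipher halves and
uses only the first digest-size bytes of each hmac half (20 with the default
`auth SHA1`). key-direction 0 signs with keys[0] and verifies with keys[1];
key-direction 1 is the reverse. The MAC over an opaque packet below is a
simplified stand-in for OpenVPN's control-channel HMAC (which also covers
packet-id, timestamp and opcode); key selection and file offsets are the point.
"""
import hashlib
import hmac

KEY_BYTES = 256        # a "2048 bit" static key
CIPHER_LEN = 64        # MAX_CIPHER_KEY_LENGTH
HMAC_LEN = 64          # MAX_HMAC_KEY_LENGTH
BYTES_PER_LINE = 16    # openvpn --genkey writes 16 lines of 32 hex digits
ARMOR = ("-----BEGIN OpenVPN Static key V1-----",
         "-----END OpenVPN Static key V1-----")


def _is_body(line: str) -> bool:
    """Hex body lines: not blank, not a # comment, not the BEGIN/END armor."""
    s = line.strip()
    return bool(s) and not s.startswith("#") and not s.startswith("-----")


def format_key_file(raw: bytes) -> str:
    """Render 256 key bytes in the layout openvpn --genkey writes."""
    h = raw.hex()
    body = [h[i:i + 2 * BYTES_PER_LINE] for i in range(0, len(h), 2 * BYTES_PER_LINE)]
    return "\n".join([ARMOR[0], *body, ARMOR[1]]) + "\n"


def parse_key_file(text: str) -> bytes:
    raw = bytes.fromhex("".join(ln.strip() for ln in text.splitlines() if _is_body(ln)))
    if len(raw) != KEY_BYTES:
        raise ValueError(f"expected {KEY_BYTES} key bytes, got {len(raw)}")
    return raw


def hmac_keys(raw: bytes, key_direction: int, digest: str = "sha1") -> tuple:
    """(send_key, recv_key) as tls-auth derives them for this key-direction."""
    size = hashlib.new(digest).digest_size
    hmac0 = raw[CIPHER_LEN:CIPHER_LEN + size]                  # keys[0].hmac[:size]
    k1 = 2 * CIPHER_LEN + HMAC_LEN
    hmac1 = raw[k1:k1 + size]                                   # keys[1].hmac[:size]
    return (hmac0, hmac1) if key_direction == 0 else (hmac1, hmac0)


def used_lines(digest: str = "sha1") -> set:
    """1-based lines of the key file whose digits influence tls-auth at all."""
    size = hashlib.new(digest).digest_size
    starts = (CIPHER_LEN, 2 * CIPHER_LEN + HMAC_LEN)
    return {off // BYTES_PER_LINE + 1 for s in starts for off in range(s, s + size)}


def both_directions_ok(server_file: str, client_file: str, packet: bytes,
                       digest: str = "sha1") -> bool:
    """Would a key-direction 0 server and key-direction 1 client accept each other?"""
    srv_send, srv_recv = hmac_keys(parse_key_file(server_file), 0, digest)
    cli_send, cli_recv = hmac_keys(parse_key_file(client_file), 1, digest)

    def tag(key: bytes) -> bytes:
        return hmac.new(key, packet, digest).digest()

    return (hmac.compare_digest(tag(srv_send), tag(cli_recv))
            and hmac.compare_digest(tag(cli_send), tag(srv_recv)))


def edit_hex(text: str, line_no: int, col: int, digits: str) -> str:
    """Overwrite hex digits at (1-based body line, 0-based column) of a key file."""
    lines = text.splitlines()
    i = [n for n, ln in enumerate(lines) if _is_body(ln)][line_no - 1]
    lines[i] = lines[i][:col] + digits + lines[i][col + len(digits):]
    return "\n".join(lines) + "\n"


# Constructed key (bytes 0x00..0xff), so body line N holds offsets 16*(N-1)..16*N-1.
SERVER_KEY = format_key_file(bytes(range(KEY_BYTES)))
PACKET = b"constructed control-channel packet"


def demo() -> dict:
    """Client-side edits like the ones in the post, against an intact server key."""
    cases = {
        "intact": SERVER_KEY,
        "last digit of line 16": edit_hex(SERVER_KEY, 16, 31, "0"),
        "whole line 16": edit_hex(SERVER_KEY, 16, 0, "0" * 32),
        "line 6, 5th byte": edit_hex(SERVER_KEY, 6, 8, "00"),    # offset 84: past SHA1's 20 bytes
        "line 5, 1st byte": edit_hex(SERVER_KEY, 5, 0, "00"),    # offset 64: client's receive key
        "line 13, 1st byte": edit_hex(SERVER_KEY, 13, 0, "00"),  # offset 192: client's send key
    }
    return {name: both_directions_ok(SERVER_KEY, key, PACKET) for name, key in cases.items()}


if __name__ == "__main__":
    print("lines that matter with auth SHA1:", sorted(used_lines()))
    for name, ok in demo().items():
        print(f"{name:22} -> {'still connects' if ok else 'HMAC mismatch'}")
```

The practical check is to run `used_lines()` for the digest your `auth` setting selects and then see whether the line you edited is in that set: with the default SHA1 the last line and the whole first four lines are inert, while corrupting the first byte of line 5 or line 13 fails immediately. With `auth SHA512` the full 64-byte hmac halves are consumed and `used_lines("sha512")` returns lines 5 to 8 and 13 to 16, so the same last-letter edit would break the connection there.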