Scripts to manage certificates or generate config files
Moderators: TinCanTech
-
gunner47300
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Sep 27, 2021 11:29 am
by gunner47300 » Mon Sep 27, 2021 1:39 pm
Hi, I have created an OpenVPN server with the following config:
mode server
askpass /etc/openvpn/dane
cipher AES-256-GCM
sndbuf 512000
rcvbuf 512000
txqueuelen 2000
push "sndbuf 512000"
push "rcvbuf 512000"
port 111
proto udp4
dev tun1
client-config-dir /etc/openvpn/server/clients_openvpn
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
tls-server
tls-auth /etc/openvpn/server/myvpn.tlsauth
key-direction 0
topology subnet
push "topology subnet"
ifconfig 192.168.98.1 255.255.255.0
push "route 192.168.99.0 255.255.255.0"
push "route-gateway 192.168.98.1"
ifconfig-pool 192.168.98.130 192.168.98.199
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status /tmp/openvpn-status.log
verb 3
log-append /tmp/openvpn.log
client config:
client
remote xxx 111
proto udp4
dev tun
verb 3
keepalive 10 120
key-direction 1
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>
It works fine. The problem is that if I change the content of <tls-auth> on the client side, for example change the last letter, the connection still works. Even if I change a whole line I can connect to the VPN and SSH via this connection. Am I missing something? I thought that those keys must match, and even a small change should break the connection.
Last edited by gunner47300 on Mon Sep 27, 2021 5:55 pm, edited 1 time in total.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Mon Sep 27, 2021 2:27 pm
gunner47300 wrote: ↑Mon Sep 27, 2021 1:39 pm
the problem is that if I change content of <tls-auth> on the client side, for example change last letter connection still works
Not all the characters in the file are used, so this is expected.
-
gunner47300
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Sep 27, 2021 11:29 am
by gunner47300 » Mon Sep 27, 2021 5:06 pm
Is a random part used, or is there some pattern?
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
by Pippin » Mon Sep 27, 2021 6:55 pm
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
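
An added example (not part of the thread and not OpenVPN's own code) of the pattern asked about above: it maps which bytes of a static key file `tls-auth` consumes and checks whether an edit lands inside them. It assumes the OpenVPN 2.x layout of four 64-byte slots (key 0 cipher, key 0 HMAC, key 1 cipher, key 1 HMAC) and the default `auth SHA1`, which applies because the posted configs set no `auth`; the function names and the sample key are constructed for illustration.

```python
KEY_SLOT = 64  # assumed layout: [key0 cipher][key0 hmac][key1 cipher][key1 hmac]
DIGEST_LEN = {"SHA1": 20, "SHA256": 32, "SHA512": 64}  # HMAC key bytes consumed
BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"


def parse_static_key(text):
    """Return the 256 raw key bytes from the text of a static key file."""
    hex_lines, inside = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == BEGIN:
            inside = True
        elif line == END:
            break
        elif inside and line:
            hex_lines.append(line)
    raw = bytes.fromhex("".join(hex_lines))
    if len(raw) != 4 * KEY_SLOT:
        raise ValueError("expected 256 key bytes, got %d" % len(raw))
    return raw


def render_static_key(raw):
    """Format raw bytes as 16 hex lines between the BEGIN/END markers."""
    h = raw.hex()
    return "\n".join([BEGIN] + [h[i:i + 32] for i in range(0, len(h), 32)] + [END])


def used_ranges(auth="SHA1", key_direction=True):
    """Byte ranges of the file that tls-auth actually feeds to HMAC."""
    n = DIGEST_LEN[auth]
    ranges = [(KEY_SLOT, KEY_SLOT + n)]  # key0 hmac
    if key_direction:  # key-direction 0/1 also uses key1 hmac
        ranges.append((3 * KEY_SLOT, 3 * KEY_SLOT + n))
    return ranges


def edit_breaks_tls_auth(original, edited, auth="SHA1", key_direction=True):
    """True if the two key files differ inside a range tls-auth uses."""
    a, b = parse_static_key(original), parse_static_key(edited)
    return any(a[s:e] != b[s:e] for s, e in used_ranges(auth, key_direction))


def with_byte_changed(text, offset):
    """Return a copy of the key file with one byte inverted at `offset`."""
    raw = bytearray(parse_static_key(text))
    raw[offset] ^= 0xFF
    return render_static_key(bytes(raw))


if __name__ == "__main__":
    key = render_static_key(bytes(range(256)))  # constructed sample, not a real key
    for off in (255, 0, 64, 192, 100):
        print(off, edit_breaks_tls_auth(key, with_byte_changed(key, off)))
```

Under these assumptions only 40 of the 256 bytes matter to `tls-auth`, so an edit to the last character or to a line in a cipher slot leaves the HMAC keys unchanged.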