Hi all,
With pfSense 1.2.3 I created all the client certificates with a password associated to it with the command line "build-key-pass". To increase security, I also used the tls-auth directive to add an additional HMAC signature to all SSL/TLS handshake packets for integrity verification with command line "openvpn --genkey --secret ta.key", then exported the "ta.key" with the ca.crt, client .crt and .key files. I then included on the advanced options the line "tls-auth /root/easyrsa4pfsense/keys/ta.key 0", on server side, and a similar line on the client side config file. My question is: can I use the same options on 2.0 release? I didn't find any command line to create client certificates with a password nor to generate the "ta.key". I need to use both security options in all my deployments. Thanks in advance. Regards, Carlos
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list