Mr Dash Four wrote:
Is there a way to generate a symmetric ta.key without using "openvpn --genkey --secret ta.key"?
yep, just use any freeform key that has enough entropy. For example,
this ta.key file is good enough
]# cat mykey
garble warble we need lots of entropy
when openvpn starts you'll see something
Control Channel Authentication: using '/etc/openvpn/cookbook/mykey' as a
free-form passphrase file
It is NOT possible to use the direction parameter for this
Is it possible to embed the contents of the above file in my openvpn config file in a
similar fashion as it is done with the <key></key> tag for example? If so, what
tag should I use for this?
in theory you co do this using
tls-auth [inline]
<tls-auth>
....
</tls-auth>
but this seems to work only for --genkey keys ; so it's either a
freeform key or an inline , not both. I think you actually may have
found a (minor) bug.
cheers,
JJK
