Mr Dash Four wrote:
Is there a way to generate a symmetric ta.key without using "openvpn
--genkey --secret ta.key"?
yep, just use any freeform key that has enough entropy. For example,
this ta.key file is good enough
]# cat mykey
garble warble we need lots of entropy
So, in theory, I could use, for example, openssl to generate any key,
encode it in pem format and use that as raw material (i.e. a sequence of
printable characters), is that correct?
It is NOT possible to use the direction parameter for this
You mean the digit which goes after tls-auth - i.e. 0 or 1?
yep
Is it possible to embed the contents of the above file in my openvpn
config file in a similar fashion as it is done with the <key></key>
tag for example? If so, what tag should I use for this?
in theory you could do this using
tls-auth [inline]
<tls-auth>
....
</tls-auth>
but this seems to work only for --genkey keys; so it's either a
freeform key or an inline, not both. I think you actually may have
found a (minor) bug.
What is the meaning of "inline"? If I use <tls-auth></tls-auth> how do I
specify the digit (0 or 1)?
the first statement
tls-auth [inline]
tells openvpn to look for an inline version of the tls-auth file; this
inline version is contained in the blob.
you can use
tls-auth [inline] 0|1
to specify a direction, but as I said, that works only for 'openvpn
--genkey' generated keys.
HTH,
JJK
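
Added example, not part of the original message: a Python sketch that builds a key file without the openvpn binary, tells a static key apart from a freeform one, and renders the inline form described above only for the former. It assumes the "OpenVPN Static key V1" file layout (256 random bytes as 16 lines of 32 hex characters) is what `openvpn --genkey` writes; the function names are hypothetical.

```python
import re
import secrets

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # 2048-bit key: 16 lines of 32 hex characters (assumed layout)


def make_static_key():
    """Build a 2048-bit static key file from the OS CSPRNG."""
    hexkey = secrets.token_hex(KEY_BYTES)
    rows = [hexkey[i:i + 32] for i in range(0, len(hexkey), 32)]
    header = ["#", "# 2048 bit OpenVPN static key", "#"]
    return "\n".join(header + [BEGIN] + rows + [END]) + "\n"


def classify(text):
    """Return 'static-v1' for a well-formed static key file, else 'freeform'."""
    m = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if not m:
        return "freeform"
    body = "".join(m.group(1).split())  # drop newlines and spaces between hex rows
    if len(body) == 2 * KEY_BYTES and re.fullmatch(r"[0-9a-fA-F]+", body):
        return "static-v1"
    return "freeform"


def inline_tls_auth(text, direction=None):
    """Render 'tls-auth [inline] [0|1]' plus the <tls-auth> block from the thread."""
    if direction not in (None, 0, 1):
        raise ValueError("direction must be 0 or 1")
    # Per the thread, inline and direction only work with --genkey style keys.
    if classify(text) != "static-v1":
        raise ValueError("freeform key: use it as a plain file, without direction")
    head = "tls-auth [inline]" + ("" if direction is None else f" {direction}")
    return f"{head}\n<tls-auth>\n{text.strip()}\n</tls-auth>\n"


if __name__ == "__main__":
    # Constructed sample: a fresh key embedded for the side that uses direction 1.
    print(inline_tls_auth(make_static_key(), 1))
```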