Hello,
I added "tls-crypt ta.key 0" and "data-cipher AES-256-GCM" to my Server.conf 
and "tls-crypt ta.key 1" and "data-cipher AES-256-GCM" to my Client.conf.

Client.ovpn is:

client
dev tun20
proto udp
remote 192.168.1.20 2000                
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-crypt ta.key 1
data-ciphers AES-256-GCM
verb 3

<ca>                                
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

<cert>                              
...
</cert>

<key>                               
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>

<tls-auth>                         
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>


But I got the following errors:
Cannot pre-load keyfile (ta.key)
Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as 
fallback when cipher negotiation failed in this case. If you need this fallback 
please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add 
BF-CBC to --data-ciphers.


Why? Is this because my key is not a separate file?

Thank you.



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
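
An added example, not part of the original post and not OpenVPN's own code: a small Python check for a client config like the one above. It reports options whose key material is given both as a file path and as an inline block, options that still depend on a file on disk, an inline static-key block tagged for a different option than the directive in use, and a direction argument on tls-crypt. The finding codes, the function names and SAMPLE (the post's client config with key bodies elided) are constructed for illustration.

```python
import re

# Options that take a file path and may instead be supplied as <option>...</option>.
FILE_OPTS = {"ca", "cert", "key", "tls-auth", "tls-crypt"}
STATIC_KEY_OPTS = {"tls-auth", "tls-crypt"}

def parse_ovpn(text):
    """Return ({directive: args}, {inline block tags}) for an OpenVPN config."""
    directives, inline, open_tag = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if open_tag:                          # inside an inline block: skip key material
            if line == f"</{open_tag}>":
                open_tag = None
        elif (m := re.fullmatch(r"<([a-z0-9-]+)>", line)):
            open_tag = m.group(1)
            inline.add(open_tag)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives, inline

def lint(text):
    """Return (code, option) findings about file-vs-inline key material."""
    directives, inline = parse_ovpn(text)
    findings = []
    for opt in sorted(FILE_OPTS & directives.keys()):
        # Path plus inline block for the same option, or path with no inline block.
        findings.append(("FILE_AND_INLINE" if opt in inline else "FILE_ONLY", opt))
    used = STATIC_KEY_OPTS & directives.keys()
    for tag in sorted((STATIC_KEY_OPTS & inline) - used):
        if used:                              # e.g. <tls-auth> block but tls-crypt directive
            findings.append(("INLINE_TAG_MISMATCH", tag))
    if len(directives.get("tls-crypt", [])) > 1:
        findings.append(("TLS_CRYPT_DIRECTION", "tls-crypt"))  # tls-crypt uses no key direction
    return findings

# Constructed sample: the post's client config, key bodies elided as "...".
SAMPLE = "client\nca ca.crt\ncert client.crt\nkey client.key\ntls-crypt ta.key 1\n" + "".join(
    f"<{t}>\n...\n</{t}>\n" for t in ("ca", "cert", "key", "tls-auth"))

if __name__ == "__main__":
    for code, opt in lint(SAMPLE):
        print(f"{code:20} {opt}")
```

FILE_ONLY on tls-crypt means the config still needs ta.key to be readable on disk, which is the situation in which OpenVPN prints "Cannot pre-load keyfile".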
