On 26/07/15 15:48, fm_vpnl...@xemaps.com wrote:
> What is the difference in using "keys" for 
> "tls-auth"
> versus 
> "secret"?

The --secret option is used to set up a peer-to-peer tunnel using a static
shared secret.  If you are new to OpenVPN, I'd advise you to first start with
--secret to get a functional tunnel and then upgrade it to a TLS-based setup,
with PKI and your own CA.

The --tls-auth option is used to enable additional packet authentication on
top of the --client/--server mode, which uses public/private key pairs with
certificates (so-called PKI and TLS mode).  Using --tls-auth is highly
recommended, as it can reduce the attack vector considerably if new security
issues are found in the SSL libraries (OpenSSL or PolarSSL/mbedTLS).  And if
coupled with the UDP protocol, the UDP port will not be detected during
drive-by port scans.


--
kind regards,

David Sommerseth

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
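
The two setups described in the reply above, side by side, as an added example that is not part of the original message. All file names (static.key, ta.key, ca.crt, ...), the 10.8.0.x addresses and the host vpn.example.net are placeholders chosen for illustration.

```conf
# ===== Setup A: static-key point-to-point tunnel (--secret) =====
# One shared key, generated once and copied to both peers out of band.
# Key generation (2.3-era syntax; newer releases use a different
# --genkey form):   openvpn --genkey --secret static.key
#
# --- peer1.conf (waits for the other side) ---
dev tun
ifconfig 10.8.0.1 10.8.0.2     # local and remote tunnel endpoints
secret static.key              # the same file on both peers

# --- peer2.conf (connects to peer 1) ---
remote vpn.example.net
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

# ===== Setup B: TLS mode with PKI, plus --tls-auth =====
# Certificates authenticate the peers. ta.key is an extra shared key
# used only to sign control-channel packets; it is not the tunnel key.
# Key generation:   openvpn --genkey --secret ta.key
#
# --- server.conf ---
proto udp
port 1194
dev tun
ca ca.crt                      # your own CA
cert server.crt
key server.key                 # private key, stays on the server
dh dh2048.pem
server 10.8.0.0 255.255.255.0
tls-auth ta.key 0              # key direction 0 on the server

# --- client.conf ---
client
proto udp
remote vpn.example.net 1194
dev tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server         # only accept a certificate issued for server use
tls-auth ta.key 1              # key direction 1 on the client
```

Each section marked with `---` is a separate configuration file. In Setup B, packets that do not carry a valid signature from ta.key are dropped before any TLS processing takes place.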
