Hi,

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, 15 May 2021 20:04, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:

> Hi,
>
> in OpenVPN master branch there now exists Peer-Fingerprint mode.
> This allows establishing a VPN by simply using self-signed certificates,
> which are identified by their fingerprint.
>
> This is very simple to set up, especially if you use Easy-PFP:
> https://github.com/TinCanTech/easy-pfp
>
> However, if you are curious, you can still build a complete PKI using Easy-RSA3
> and then build a complete suite of TLS-Crypt-V2 keys using Easy-TLS:
> https://github.com/TinCanTech/easy-tls
>
> This then allows for OpenVPN to be run in Peer-Fingerprint mode
> with full TLS-Crypt-V2 client specific keys in use.
>
> And it is Easy!
>
> Enjoy
> R

Sample configuration files:

* Server

{{{
dev tun
proto udp6 # I tested and it works fine
dh none
server 10.173.32.0 255.255.255.0
verb 4
keepalive 60 300
explicit-exit-notify 2
push "explicit-exit-notify 2"
comp-lzo no
push "comp-lzo no"

<peer-fingerprint>
15:35:1A:5C:FC:72:31:B7:7B:5A:90:92:F5:5D:4C:A4:7E:EF:1B:D1:02:93:DE:F0:58:ED:96:E8:6D:FE:EB:C8
67:C7:14:45:2F:BD:DB:3A:EA:EE:81:52:BB:CE:1D:A3:AF:9A:0D:FB:23:9A:2D:FD:8D:81:0F:6B:E4:BF:46:43
</peer-fingerprint>

config /home/tct/git/tct/easy-tls/master/easytls-script.conf

# EASYTLS
# EasyTLS version 1.28
# Common name: wiscii
# X509 serial: C36AFA68FE36E4D0B210BD4484C809EB

<cert>
Certificate:
<snip>
</cert>

<key>
<s>
</key>

<ca>
<s>
</ca>

# Easy-TLS version 1.28 - TLS crypt v2 key
<tls-crypt-v2>
<s>
</tls-crypt-v2>
}}}

* Client

{{{
remote 1.2.3.4
dev tun
nobind
client
verb 4

<peer-fingerprint>
F8:D2:3F:BC:97:8C:93:AB:2D:38:7B:B3:07:68:65:5E:B4:6F:0D:AF:D7:32:92:EA:B6:92:A6:75:14:74:79:8F
</peer-fingerprint>

# wiscii-pfp
# EasyTLS version 1.28
# Common name: arch
# X509 serial: A7AAD140085B970880896968DB6D38D5

<cert>
Certificate:
<s>
</cert>

<key>
<s>
</key>

<ca>
<s>
</ca>

# Easy-TLS version 1.28 - TLS crypt v2 key
# CA serial: 4048683D8E735DC83574840B9E7EB26CA588B0C7
# tlskey-serial: 64735290acf119b74c18e2094e667aacf4223be73f8fc00bfc5910a8bf9443c0
# Creation Date: 2021-05-15
# Custom-Group: wiscii-pfp
# Server Common Name: wiscii
# Client Common Name: arch
# Sub-key name: hw
# Key status: Locked +00155DC96E01+

push-peer-info

<tls-crypt-v2>
<s>
</tls-crypt-v2>
}}}
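An added example, not part of the original post and not code from Easy-PFP or Easy-TLS: a small audit helper that extracts the `<peer-fingerprint>` block from a config like the ones above, rejects entries that are not a full SHA-256 fingerprint, and checks whether a given peer certificate is pinned. It assumes the fingerprint is the SHA-256 digest of the certificate's DER encoding, as OpenVPN documents for `--peer-fingerprint`; upper-casing before comparison and the sample PEM and short entry are choices and constructed data of this sketch.

```python
import hashlib
import re
import ssl

# 32 colon-separated hex bytes = one SHA-256 digest.
FP_RE = re.compile(r"[0-9A-F]{2}(?::[0-9A-F]{2}){31}")
BLOCK_RE = re.compile(r"<peer-fingerprint>(.*?)</peer-fingerprint>", re.S)


def parse_peer_fingerprints(config_text):
    """Return (valid_set, rejected_list) from every inline <peer-fingerprint> block."""
    valid, rejected = set(), []
    for body in BLOCK_RE.findall(config_text):
        for entry in (line.strip().upper() for line in body.splitlines()):
            if not entry:
                continue
            if FP_RE.fullmatch(entry):
                valid.add(entry)
            else:
                rejected.append(entry)  # wrong length or non-hex: flag for review
    return valid, rejected


def cert_fingerprint(pem):
    """SHA-256 over the certificate's DER encoding, colon-separated."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def audit(config_text, peer_pem):
    """Report whether peer_pem is pinned by config_text, plus malformed entries."""
    valid, rejected = parse_peer_fingerprints(config_text)
    fp = cert_fingerprint(peer_pem)
    return {"fingerprint": fp, "pinned": fp in valid, "rejected": rejected}


# Constructed sample data: stand-in bytes wrapped as PEM (not a real certificate).
SAMPLE_DER = b"constructed stand-in for a peer certificate's DER bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# First entry is the client-side fingerprint from the post; AA:BB:CC is a
# constructed truncated entry that the audit should reject.
SAMPLE_CONFIG = f"""dev tun
<peer-fingerprint>
F8:D2:3F:BC:97:8C:93:AB:2D:38:7B:B3:07:68:65:5E:B4:6F:0D:AF:D7:32:92:EA:B6:92:A6:75:14:74:79:8F
{cert_fingerprint(SAMPLE_PEM)}
AA:BB:CC
</peer-fingerprint>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_PEM))
```

Run against a real deployment by passing the server or client config text and the peer's PEM certificate to `audit()`; any entry in `rejected` is a line that cannot match a SHA-256 fingerprint.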