Re: [Openvpn-users] Easy-TLS and Easy-PFP

Sat, 15 May 2021 12:34:14 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

OK, without the CA being set there is this message at the top of the log:
Using certificate fingerprint to verify peer (no CA option set)

So there it is!

Thanks
R

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, 15 May 2021 20:29, tincantech <tincant...@protonmail.com> wrote:

> Hi,
>
> I should note: I have deleted the CA certificate from both server and client 
> configs.
> This is a basic test to see if openvpn is running in Peer-fingerprint mode, 
> because there
> is otherwise no indication of that being the case, at verb 4. At least, none 
> that I can see.
>
> Thanks
> R
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Saturday, 15 May 2021 20:04, tincantech via Openvpn-users 
> openvpn-users@lists.sourceforge.net wrote:
>
> > Hi,
> > in Openvpn master branch there now exists Peer-Fingerprint mode.
> > This allows establishing a VPN by simply using self signed certificates,
> > which are identified by their fingerprint.
> > This is very simple to setup, especially if you use Easy-PFP:
> > https://github.com/TinCanTech/easy-pfp
> > However, if you are curious, you can still build a complete PKI using 
> > Easy-RSA3
> > and then build a complete suite of TLS-Crypt-V2 keys using Easy-TLS:
> > https://github.com/TinCanTech/easy-tls
> > This then allows for OpenVPN to be run in Peer-Fingerprint mode
> > with full TLS-Crypt-V2 client specific keys in use.
> > And it is Easy !
> > Enjoy
> > R


-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgoCHJACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ0+2QgAqtWANjXtNo5iM8Qr3fed/0GDlb3DkDvTYT2tOSG+Z/rDmZGf
S7wwpC48frCqcqXHpopk8kzmoty6SuuDvYUU62y3iB9FhAZMj2MHmnGboGsL
q1gCtdH6lZcr+sin/LJ3un4lFF/n55Gfv+Kzr5234TcsmxoMaCBrcAnTg+iR
aJ/dhGZo8NtEuvqsts4nCdas717Lw0H+CW5I32mghsqCXct9BtTpEVvIVQbs
N+cFbNpz0XNzBo+Oj58gq6RZjhV6VYEtXiobPEdNnmdUCoTB9bPtevPXW83C
RwkGptxLXu1/D3t+SotTQCRbQ7SxY8nN2ujzp83525y9gqlb5vwhLQ==
=jmOh
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to