TinCanTech edited this page Jan 2, 2021 · 3 revisions

Welcome to the Easy-TLS wiki!

This script is intended to:

  • Generate OpenVPN-specific TLS keys
  • Generate OpenVPN-specific .inline files, which include:
    • OpenVPN-specific TLS keys and required settings
    • An Easy-RSA generated x509 Public Key Infrastructure
  • Marshal requirements to maintain valid .inline status

Minimum requirements:

  • OpenVPN 2.5
  • Easy-RSA 3.0.7

Supports all "popular" OS:

  • Minimum requirement: All code must be compatible with EasyRSA3 for Windows.

Installation:

  • Simply copy the easytls script to your easyrsa3 working directory.

Howto:

The following items can also be found in EasyTLS-Howto-ii.md or NEED TO BE ADDED TO IT!

Using "Cache ID"

  • EasyTLS saves the Identity to a text file which easytls-cryptv2-verify.sh reads, instead of loading openssl to extract the CA fingerprint and sed to format it.

  • Use: easytls save-id and easytls-cryptv2-verify.sh option --cache-id. See respective help for usage details.

    My test showed an almost 1 second improvement running the unit test a lot.

Using "Preload Cache ID"

  • Load the Identity as a command line parameter when OpenVPN calls easytls-cryptv2-verify.sh. This eliminates the need to repeatedly cat the Identity file.

  • Use: easytls-cryptv2-verify.sh option --preload-cache-id=<ID>. See help for usage details.

What is Identity?

  • Identity is the CA certificate fingerprint formatted to one contiguous string.

    Example:

    OpenSSL fingerprint output: SHA1 Fingerprint=95:DC:<..snipped..>:03:DA

    EasyTLS Identity format: 95DC<..snipped..>03DA
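
The Identity formatting and the cache round trip described above, as an added example that is not Easy-TLS code. The function names, the cache file argument and the sample fingerprint are constructed for illustration, and a SHA1 fingerprint (40 hex characters) is assumed, as in the output shown.

```sh
#!/bin/sh
# Added illustration, not Easy-TLS code. All function names are hypothetical.

# Constructed sample in the shape of openssl's fingerprint output.
SAMPLE_FPR='SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:01:23:45:67'

# Fingerprint line -> Identity: drop everything up to '=', then the colons.
fpr_to_identity() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' -e 's/://g'
}

# Assumption: SHA1, so an Identity is exactly 40 hex characters
# (openssl prints them in uppercase).
valid_identity() {
    case "$1" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Uncached path: load openssl and sed each time the Identity is needed.
identity_from_cert() {   # $1 = CA certificate
    _fpr="$(openssl x509 -in "$1" -noout -fingerprint -sha1)" || return 1
    fpr_to_identity "$_fpr"
}

# Cache the Identity as a single line of text; refuse malformed values.
save_identity() {   # $1 = Identity, $2 = cache file
    valid_identity "$1" || return 1
    printf '%s\n' "$1" > "$2"
}

# Read the cached Identity back, re-validating so a truncated or edited
# cache file is rejected rather than trusted.
load_identity() {   # $1 = cache file
    [ -r "$1" ] || return 1
    IFS= read -r _id < "$1" || return 1
    valid_identity "$_id" || return 1
    printf '%s\n' "$_id"
}

# A cached Identity goes stale if the CA certificate is replaced.
identity_is_current() {   # $1 = cache file, $2 = CA certificate
    _cached="$(load_identity "$1")" || return 1
    _fresh="$(identity_from_cert "$2")" || return 1
    [ "$_cached" = "$_fresh" ]
}
```

Running a check like `identity_is_current` after any CA change catches a cached or preloaded Identity that no longer matches the certificate.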