Migrating from TLS Auth TLS Crypt v1 to TLS Crypt v2

TinCanTech edited this page Aug 23, 2021 · 2 revisions
  • OpenVPN allows a server to use either TLS-Auth or TLS-Crypt together with TLS-Crypt-V2. That is: (TLS-Auth OR TLS-Crypt) AND TLS-Crypt-V2.
  • If you keep the original TLS-Auth/Crypt key in your server config, one server instance can support both the original clients and the clients you migrate to TLS-Crypt-V2. This lets you migrate your clients to new keys, if you choose to do so.
  • To migrate your clients to TLS-Crypt-V2, generate the required keys with the ./easytls build interactive menu:
    i. A server TLS-Crypt-V2 key.
    ii. Multiple client TLS-Crypt-V2 keys.
  • Next, generate inline packages for your server and clients.
    Use the ./easytls inline interactive menu.
  • Reference your server inline file in the server config with an option like this:
    config /etc/openvpn/easyrsa/pki/easytls/server.inline
    This loads all the required keys and certificates of your server. Restart your server and correct any errors.
  • Send your clients their inline packages over a secure method, e.g. scp.
    Have the clients reference their inline package in the same way as the server.
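
A pre-restart check for the (TLS-Auth OR TLS-Crypt) AND TLS-Crypt-V2 rule above, added here as an example and not part of Easy-TLS. It assumes the file uses standard OpenVPN directives or inline blocks for the keys; the function names, result labels and sample path are constructed for illustration.

```shell
#!/bin/sh
# has_opt FILE NAME: true if FILE sets NAME as a directive ("NAME <arg>")
# or as an inline block ("<NAME>"). "tls-crypt" does not match "tls-crypt-v2".
has_opt() {
    grep -Eq "^[[:space:]]*(<$2>|$2[[:space:]])" "$1"
}

# tls_key_mode FILE: print how the control-channel keys are combined.
tls_key_mode() {
    auth=no; crypt=no; v2=no; legacy=no
    if has_opt "$1" tls-auth; then auth=yes; fi
    if has_opt "$1" tls-crypt; then crypt=yes; fi
    if has_opt "$1" tls-crypt-v2; then v2=yes; fi
    if [ "$auth" = yes ] || [ "$crypt" = yes ]; then legacy=yes; fi

    if [ "$auth" = yes ] && [ "$crypt" = yes ]; then
        echo conflict       # OpenVPN treats tls-auth and tls-crypt as mutually exclusive
    elif [ "$legacy" = yes ] && [ "$v2" = yes ]; then
        echo migration      # original key kept alongside the TLS-Crypt-V2 server key
    elif [ "$v2" = yes ]; then
        echo v2-only        # original key no longer present in this file
    elif [ "$legacy" = yes ]; then
        echo legacy-only    # no TLS-Crypt-V2 server key in this file yet
    else
        echo none
    fi
}

# Constructed sample of a server file mid-migration (placeholders, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
tls-crypt /etc/openvpn/legacy-tc.key
<tls-crypt-v2>
(placeholder for the server TLS-Crypt-V2 key)
</tls-crypt-v2>
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "sample: $(tls_key_mode "$sample")"
rm -f "$sample"
```

Run tls_key_mode against the server inline file before restarting: "migration" is the state in which both original and migrated clients can be served.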