tlscryptv2 hierarchy
TinCanTech edited this page Jan 9, 2022 · 3 revisions
This page describes the Easy-TLS TLS-Crypt-V2 Key hierarchy.
This hierarchy may not be what you expect.
Using Easy-TLS, each TLS-Crypt-V2 Client GROUP Key can be individually disabled on a per Server basis.
These keys can be disabled and enabled on-the-fly, without requiring a Server to reload or restart.
This allows groups of users to be effectively herded from server to server, given a little time.
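One way a per-Server disable can take effect without a reload is a check that runs on every new connection, such as the command OpenVPN runs for its `--tls-crypt-v2-verify` option: it receives the client key's metadata in the file named by `$metadata_file` and the key is rejected on a non-zero exit. The script below is an added example, not Easy-TLS's own code; the disabled-list path, the one-group-name-per-line list format and the metadata being a plain group name are assumptions.

```shell
#!/bin/sh
# Added example: per-server disabled list for TLS-Crypt-V2 client GROUP keys.
# Assumptions (not from Easy-TLS): list path, list format, metadata = group name.

# Hypothetical location; each server keeps its own copy of this list.
DISABLED_LIST="${DISABLED_LIST:-/etc/openvpn/server/disabled-groups.txt}"

# group_allowed METADATA_FILE LIST_FILE
# Returns 0 if the key's group may connect to this server, 1 otherwise.
group_allowed() {
    meta_file=$1
    list_file=$2

    # Fail closed: a key with no readable metadata cannot be matched to a group.
    [ -r "$meta_file" ] || return 1
    group=$(head -n 1 "$meta_file" | tr -d '\r\n')
    [ -n "$group" ] || return 1

    # Accept only conservative group names so the value is safe to match and log.
    case $group in
        *[!A-Za-z0-9#_-]*) return 1 ;;
    esac

    # No list on this server means nothing is disabled here.
    [ -f "$list_file" ] || return 0
    # A list that exists but cannot be read must not silently allow everyone.
    [ -r "$list_file" ] || return 1

    # -F fixed string, -x whole line: "Mars" must not match "Mars-2".
    if grep -Fxq -- "$group" "$list_file"; then
        return 1
    fi
    return 0
}

# When OpenVPN runs this file as the verify command it sets metadata_file.
if [ -n "${metadata_file:-}" ]; then
    group_allowed "$metadata_file" "$DISABLED_LIST"
    exit $?
fi
```

Because the list is read on each connection attempt, adding or removing a group name on one Server changes the outcome for that Server only, and only for connections made after the change.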
Standard: One Server Key per Server.
===[*]: OpenVPN Server
|
+-> [Server-Key-HELIOS]: Single Server GROUP key.
|
+-> [Client-Key-#1-Mercury]: Client GROUP key #1 Family. (x6 users)
|
+-> [Client-Key-#2-Venus]: Client GROUP key #2 Friends. (x11 users)
|
+-> [Client-Key-#3-Mars]: Client GROUP key #3 Other. (x3 users)
|
...
Alternate: One Server Key per Data-Centre
===[*]: [Server-Master-Key-HELIOS]: Single Server GROUP key.
|
+-> OpenVPN Server #1
| |
| +-> [Client-Key-#1-Mercury]: Client GROUP key #1 Family. (x6 users)
| |
| +-> [Client-Key-#2-Venus]: Client GROUP key #2 Friends. (x11 users)
| |
| +-> [**Client-Key-#3-Mars**]: Client GROUP key #3 Other. (x3 users)
| |
| ...
|
+-> OpenVPN Server #2
| |
| +-> [**Client-Key-#3-Mars**]: Client GROUP key #3 Other. (x3 users)
| |
| +-> [Client-Key-#4-Jupiter]: Client GROUP key #4 Office. (x2 users)
| |
| +-> [Client-Key-#5-Saturn]: Client GROUP key #5 Remote#1 (x1 users)
| |
| ...
|
...
Note: In order to deploy a Server TLS-Crypt-V2 key as a Data-Centre key, some manual work is required.