tlscryptv2 hierarchy

This page describes the Easy-TLS TLS-Crypt-V2 Key hierarchy.

TLS-Crypt-V2 Key hierarchy example

This hierarchy may not be what you expect.

Using Easy-TLS, each TLS-Crypt-V2 Client GROUP Key can be individually disabled on a per Server basis.
These keys can be disabled and enabled on-the-fly, without requiring a Server to reload or restart.
This allows groups of users to be effectively herded from server to server, given a little time.

Standard: One Server Key per Server.

===[*]: OpenVPN Server
    |
    +-> [S-HELIOS]: Single Server GROUP key.
         |
         +-> [C1-Mercury]: Client GROUP key #1 Family. (x6 users)
         |
         +-> [C2-Venus]: Client GROUP key #2 Friends. (x11 users)
         |
         +-> [C3-Mars]: Client GROUP key #3 Other. (x3 users)
         |
         ...

Alternate: One Server Key per Data-Centre

===[*]: [S-HELIOS]: Single Server GROUP key.
    |
    +-> OpenVPN Server #1
    |    |
    |    +-> [C1-Mercury]: Client GROUP key #1 Family. (x6 users)
    |    |
    |    +-> [C2-Venus]: Client GROUP key #2 Friends. (x11 users)
    |    |
    |    +-> [*C3-Mars]: Client GROUP key #3 Other. (x3 users)
    |    |
    |    ...
    |
    +-> OpenVPN Server #2
    |    |
    |    +-> [*C3-Mars]: Client GROUP key #3 Other. (x3 users)
    |    |
    |    +-> [C4-Jupiter]: Client GROUP key #4 Office. (x2 users)
    |    |
    |    +-> [C5-Saturn]: Client GROUP key #5 Remote#1 (x1 users)
    |    |
    |    ...
    |
    ...

Note: In order to deploy a Server TLS-Crypt-V2 key as a Data-Centre key, some manual work is required.

Needs updating

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tlscryptv2 hierarchy

TLS-Crypt-V2 Key hierarchy example

Clone this wiki locally