Is there a way to generate a symmetric ta.key without using "openvpn
--genkey --secret ta.key"?
yep, just use any freeform key that has enough entropy. For example,
this ta.key file is good enough
]# cat mykey
garble warble we need lots of entropy
So, in theory, I could use, for example, openssl to generate any key,
encode it in pem format and use that as raw material (i.e. a sequence of
printable characters), is that correct?
It is NOT possible to use the direction parameter for this
You mean the digit which goes after tls-auth - i.e. 0 or 1?
Is it possible to embed the contents of the above file in my openvpn
config file in a similar fashion as it is done with the <key></key>
tag for example? If so, what tag should I use for this?
in theory you co do this using
tls-auth [inline]
<tls-auth>
....
</tls-auth>
but this seems to work only for --genkey keys ; so it's either a
freeform key or an inline , not both. I think you actually may have
found a (minor) bug.
What is the meaning of "inline"? If I use <tls-auth></tls-auth> how do I
specify the digit (0 or 1)?
Thanks.
