Hi, On Mon, Jun 04, 2018 at 09:10:23AM +0200, Jan Just Keijser wrote: > What's the particular use case for putting tls-auth files in connection > blocks?
"I have one existing server that is not using tls-auth yet, and a new one
that has tls-auth, and I want both in the same config file"
Plus, what Steffan mentioned: tls-auth rollover
> Does it apply only to tls-auth/tls-crypt files or also the
> certificate/private keys? I could see a use case for that as well...
Right now, only tls-auth/tls-crypt, but this is the same question I asked
on IRC yesterday :-)
The "traditional" use case ("my key/cert is my identity") would see
"a single identity for all remotes", but indeed, upgrading to a new server
with a new CA (--ca -> <connection>) and newly distributed identities
might also be an interesting use case. For @work, I've decided to tackle
this part with "just distribute two .ovpn files", but it's worth thinking
through the idea.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
