Hi, On Tue, Nov 08, 2016 at 05:09:32PM +0000, jack seth wrote: > I'm assuming that Openvpn is actually using Openssl to create the 2048-bit > 'ta.key' file (If that's not right please correct me). If so, what are the > openssl command/options used to create this file?
The openvpn man page suggests using "openvpn --genkey"
--tls-auth file [direction]
Add an additional layer of HMAC authentication on top of the TLS
control channel to protect against DoS attacks.
In a nutshell, --tls-auth enables a kind of "HMAC firewall" on
OpenVPN's TCP/UDP port, where TLS control channel packets bear-
ing an incorrect HMAC signature can be dropped immediately with-
out response.
file (required) is a file in OpenVPN static key format which can
be generated by --genkey
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
