________________________________________
From: Gert Doering <g...@greenie.muc.de>
Sent: Tuesday, November 8, 2016 11:20 AM
To: jack seth
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Underlying command for static key file
Hi,
On Tue, Nov 08, 2016 at 05:09:32PM +0000, jack seth wrote:
> I'm assuming that Openvpn is actually using Openssl to create the 2048-bit
> 'ta.key' file (If that's not right please correct me). If so, what are the
> openssl command/options used to create this file?
The openvpn man page suggests using "openvpn --genkey"
--tls-auth file [direction]
Add an additional layer of HMAC authentication on top of the TLS
control channel to protect against DoS attacks.
In a nutshell, --tls-auth enables a kind of "HMAC firewall" on
OpenVPN's TCP/UDP port, where TLS control channel packets bear-
ing an incorrect HMAC signature can be dropped immediately with-
out response.
file (required) is a file in OpenVPN static key format which can
be generated by --genkey
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
Thanks for the response, but that is not what I mean. I know that you create
that file with the "openvpn --genkey" normally. What I am wondering is if that
action really calls 'openssl' and issues commands/options to that? If that is
true, what is the 'openssl' command for this?
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
