Migrating from TLS Auth / TLS Crypt v1 to TLS Crypt v2

TinCanTech edited this page Aug 23, 2021 · 2 revisions
  • OpenVPN allows the server to use either TLS-Auth or TLS-Crypt together with TLS-Crypt-V2. That is: (TLS-Auth OR TLS-Crypt) AND TLS-Crypt-V2.
  • This means that if you keep the original TLS-Auth/Crypt key in your server config, one server instance can support both the original clients and the clients you migrate to TLS-Crypt-V2. This helps you migrate your clients to new keys, if you choose to do so.
  • To migrate your clients to TLS-Crypt-V2, generate the required keys with the ./easytls build interactive menu: i. a server TLS-Crypt-V2 key; ii. multiple client TLS-Crypt-V2 keys.
  • Next, generate inline packages for your server and clients. Use the ./easytls inline interactive menu.
  • Reference your server inline file in the server config with an option like so: config /etc/openvpn/easyrsa/pki/easytls/server.inline (this loads all the required keys and certificates of your server). Restart your server and correct any errors.
  • For your clients, you must send them their inline packages over a secure method, e.g. scp. Have the clients reference their inline package in the same way as the server.
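
One way to confirm that a server is in the dual-key state described above, (TLS-Auth OR TLS-Crypt) AND TLS-Crypt-V2, before and after the restart. This is an added example, not part of easy-tls or the original page; the function names, state labels and sample input are assumptions made for illustration.

```shell
# Added example, not part of easy-tls. Reads OpenVPN config/inline files
# (or stdin) and reports which control-channel key directives they declare.

# Prints the directives found, in fixed order. Recognises both
# "directive <path>" lines and inline <directive> ... </directive> blocks.
tls_key_modes() {
    awk '
        inblock { if (index($0, "</" inblock ">")) inblock = ""; next }
        /^[ \t]*[#;]/ { next }                      # comment line
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (match(line, /^<tls-(auth|crypt|crypt-v2)>/)) {
                inblock = substr(line, 2, RLENGTH - 2); seen[inblock] = 1
            } else {
                split(line, f, /[ \t]+/)
                if (f[1] ~ /^tls-(auth|crypt|crypt-v2)$/) seen[f[1]] = 1
            }
        }
        END {
            n = split("tls-auth tls-crypt tls-crypt-v2", order, " ")
            for (i = 1; i <= n; i++)
                if (order[i] in seen) out = out (out == "" ? "" : " ") order[i]
            print out
        }
    ' "$@"
}

# dual        = (tls-auth OR tls-crypt) AND tls-crypt-v2, the state used while migrating
# legacy-only = no tls-crypt-v2 key declared yet
# v2-only     = original tls-auth/tls-crypt key no longer declared
migration_state() {
    modes=" $(tls_key_modes "$@") "
    legacy=0; v2=0
    case "$modes" in *" tls-auth "*|*" tls-crypt "*) legacy=1 ;; esac
    case "$modes" in *" tls-crypt-v2 "*) v2=1 ;; esac
    case "$legacy$v2" in
        11) echo dual ;; 10) echo legacy-only ;; 01) echo v2-only ;; *) echo none ;;
    esac
}

# Constructed sample input; file name and key body are placeholders.
sample_config() {
    printf '%s\n' '# constructed sample' 'tls-auth ta.key 0' \
        '<tls-crypt-v2>' 'placeholder-key-body' '</tls-crypt-v2>'
}

# With file arguments classify them; with none, classify the constructed sample.
if [ "$#" -gt 0 ]; then migration_state "$@"; else sample_config | migration_state; fi
```

Pass the server config and the inline file it loads together, since the keys arrive through the config line rather than sitting in the server config itself.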