Hi!
I asked last year, but got no answer
https://forum.opnsense.org/index.php?topic=15297
Had a look in the documentation:
https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html
...DH Parameters Length 4096..
but here in my opnsenses there is no option to choose 4096 key length in the respective menu.
Maybe somebody can elucidate me on that?
Anyone?
disregard, not for site to site shared
Better use certificates instead of keys
Many thanks for replying!
Certs are complicated... private key for CA not on FW, certs expire. And so on...
Any good (!) tutorials for that? In the opnsense documentation I only found the static key how-to... :-(
Just give it a spin, you need one CA managed on one FW. On the other import the CA, but only the cert, not the key. On CA create one server certificate and one client certificate, export/import cert and key. On Server use RA SSL, on client P2P SSL, select CA and certificate on both sides, DH 4096, AES256, SHA256 .. give both a tunnel network, specify left/right networks .. should be it.
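The two setups discussed in this thread, written as the OpenVPN directives behind them (an added example, not part of any post and not OPNsense's generated configuration). File names, the host name, the port, the CBC cipher mode and the `remote-cert-tls` check are assumptions. Static-key mode has no TLS handshake, so it has no DH parameter to size.

```conf
# Constructed example. All file names and the remote host are placeholders.
# Tunnel and left/right network settings are omitted from every section.

# --- Shared (static) key, peer-to-peer: identical on both firewalls ---
# Both sides hold the same secret. There is no TLS handshake, so no DH
# exchange takes place and there is no `dh` directive to set to 4096.
dev tun
secret static.key
cipher AES-256-CBC
auth SHA256

# --- Certificates, server side (the FW that manages the CA) ---
# Needs: CA certificate, server certificate + server private key.
dev tun
tls-server
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem          # DH parameters are only used in TLS mode
cipher AES-256-CBC
auth SHA256

# --- Certificates, client side (the other FW) ---
# Needs: CA certificate only (never the CA private key),
# client certificate + client private key.
dev tun
tls-client
remote fw-a.example.net 1194
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server # assumption: reject peers not presenting a server cert
cipher AES-256-CBC
auth SHA256
```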
Quote from: mimugmail on July 11, 2020, 10:55:23 AM
...On Server use RA SSL on client P2P SSL...
Thanks! Why use remote access on server side? Currently I use peer-to-peer and that is functionally what I want..