OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Dronov on October 13, 2017, 03:07:57 pm

Title: OpenVPN tls-crypt
Post by: Dronov on October 13, 2017, 03:07:57 pm

I was recently forced to review my OpenVPN configuration, and I quickly realised that I have OpenVPN 2.4.x on all devices. I immediately thought about turning on tls-crypt, but I am not sure what would be the most elegant way to do so. It looks like the GUI supports tls-auth only.

I can surely dump the secret somewhere (using SSH) and just put tls-crypt /path/to/key in the "advanced" text box. But I was wondering if there is a more transparent way to achieve it? Ideally with all steps done via the web GUI and thus keeping the tls-crypt key as a part of the backup XML.

Title: Re: OpenVPN tls-crypt
Post by: athurdent on December 21, 2017, 07:17:22 am

+1 for tls-crypt support. This reduces the ability for middleboxes to detect the VPN traffic as OpenVPN and block it.