Topic: openVPN site-to-site shared key with 4096 (Read 2694 times)
chemlud
Hero Member
Posts: 2487
Karma: 112
openVPN site-to-site shared key with 4096
« on: July 07, 2020, 06:10:37 pm »
Hi!
I asked last year, but got no answer
https://forum.opnsense.org/index.php?topic=15297
Had a look in the documentation:
https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html
Code:
...DH Parameters Length 4096..
but here in my opnsenses there is no option to choose 4096 key length in the respective menu.
Maybe somebody can elucidate me on that?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
chemlud
Hero Member
Posts: 2487
Karma: 112
Re: openVPN site-to-site shared key with 4096
« Reply #1 on: July 10, 2020, 11:41:34 am »
Anyone?
AhnHEL
Jr. Member
Posts: 64
Karma: 6
Re: openVPN site-to-site shared key with 4096
« Reply #2 on: July 10, 2020, 06:07:55 pm »
disregard, not for site to site shared
AhnHEL (Angel)
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: openVPN site-to-site shared key with 4096
« Reply #3 on: July 10, 2020, 08:11:47 pm »
Better use certificates instead of keys
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
chemlud
Hero Member
Posts: 2487
Karma: 112
Re: openVPN site-to-site shared key with 4096
« Reply #4 on: July 11, 2020, 10:44:10 am »
Many thanks for replying!
Certs are complicated... private key for CA not on FW, certs expire. And so on...
Any good (!) tutorials for that? In the opnsense documentation I only found the static key how-to... :-(
mimugmail
Hero Member
Posts: 6767
Karma: 494
Re: openVPN site-to-site shared key with 4096
« Reply #5 on: July 11, 2020, 10:55:23 am »
Just give it a spin, you need one CA managed on one FW. On the other import the CA, but only the cert, not the key. On the CA create one server certificate and one client certificate, export/import cert and key. On the server use RA SSL, on the client P2P SSL, select CA and certificate on both sides, DH 4096, AES256, SHA256 .. give both a tunnel network, specify left/right networks .. should be it.
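The certificate layout described in Reply #5, built with the openssl CLI as an added example (not part of the original post and not OPNsense's own tooling, where the GUI performs these steps). The CNs, directory names, key size and lifetimes are constructed assumptions.

```sh
# Added example: the two-firewall certificate layout from Reply #5; CNs, paths and lifetimes are constructed.
set -eu

make_pki() {  # $1 = working directory
    d=$1; bits=${KEY_BITS:-2048}  # set KEY_BITS=4096 for larger keys
    mkdir -p "$d/fw-a" "$d/fw-b"
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    # The CA is managed on firewall A; ca.key never leaves fw-a/.
    openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey "rsa:$bits" \
        -nodes -sha256 -days 3650 -subj "/CN=fw-a-ca" \
        -keyout "$d/fw-a/ca.key" -out "$d/fw-a/ca.crt"
    for role in server client; do
        openssl req -new -config "$d/pki.cnf" -newkey "rsa:$bits" -nodes \
            -subj "/CN=s2s-$role" -keyout "$d/fw-a/$role.key" -out "$d/fw-a/$role.csr"
        openssl x509 -req -in "$d/fw-a/$role.csr" -sha256 -days 825 \
            -CA "$d/fw-a/ca.crt" -CAkey "$d/fw-a/ca.key" -CAcreateserial \
            -extfile "$d/pki.cnf" -extensions "$role" -out "$d/fw-a/$role.crt"
    done
    # Firewall B receives the CA certificate (no CA key) plus the client cert and key.
    cp "$d/fw-a/ca.crt" "$d/fw-a/client.crt" "$d/fw-a/client.key" "$d/fw-b/"
}

check_purpose() {  # $1 = CA cert, $2 = leaf cert, $3 = sslserver | sslclient
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

valid_for_days() {  # $1 = cert, $2 = days; succeeds if still valid after that long
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

work=$(mktemp -d)
make_pki "$work"
check_purpose "$work/fw-b/ca.crt" "$work/fw-a/server.crt" sslserver && echo "B accepts A's server cert"
check_purpose "$work/fw-a/ca.crt" "$work/fw-b/client.crt" sslclient && echo "A accepts B's client cert"
valid_for_days "$work/fw-b/client.crt" 30 || echo "client cert expires within 30 days"
```

Each leaf carries a single extendedKeyUsage, so `openssl verify -purpose sslserver` rejects the client certificate and `-purpose sslclient` rejects the server certificate. `valid_for_days` is the kind of check to schedule for the expiry concern raised in Reply #4.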
chemlud
Hero Member
Posts: 2487
Karma: 112
Re: openVPN site-to-site shared key with 4096
« Reply #6 on: July 11, 2020, 11:14:56 am »
Quote from: mimugmail on July 11, 2020, 10:55:23 am
...On Server use RA SSL on client P2P SSL...
Thanks! Why use remote access on server side? Currently I use peer-to-peer and that is functionally what I want..