Use tls-auth in sample config files

For two reasons:
1) May motivate people to use tls-auth in their setups
2) Verify tls-auth functionality when running 'make check'

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1424614268-5078-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9467
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/sample/sample-config-files/client.conf b/sample/sample-config-files/client.conf
index 050ef600ecab432d837edd71a103c364a8d1bc97..fedcbd6e8dcd7f0a78cde84f2824111da6ef2231 100644 (file)
--- a/sample/sample-config-files/client.conf
+++ b/sample/sample-config-files/client.conf
@@ -105,7 +105,7 @@ remote-cert-tls server
 
 # If a tls-auth key is used on the server
 # then every client must also have the key.
-;tls-auth ta.key 1
+tls-auth ta.key 1
 
 # Select a cryptographic cipher.
 # If the cipher option is used on the server

diff --git a/sample/sample-config-files/loopback-client b/sample/sample-config-files/loopback-client
index ebbd1cf40564b16dc0d6d9e7ac76670dc9517253..7117307de71267fd25290d2358da67bebb31494b 100644 (file)
--- a/sample/sample-config-files/loopback-client
+++ b/sample/sample-config-files/loopback-client
@@ -21,5 +21,6 @@ remote-cert-tls server
 ca sample-keys/ca.crt
 key sample-keys/client.key
 cert sample-keys/client.crt
+tls-auth sample-keys/ta.key 1
 ping 1
 inactive 120 10000000

diff --git a/sample/sample-config-files/loopback-server b/sample/sample-config-files/loopback-server
index 8cb97be0aa59efc389765840711e12ddaa573c62..8e1f39cd3d0a867f31fb023c2d8527901e00d118 100644 (file)
--- a/sample/sample-config-files/loopback-server
+++ b/sample/sample-config-files/loopback-server
@@ -21,5 +21,6 @@ dh sample-keys/dh2048.pem
 ca sample-keys/ca.crt
 key sample-keys/server.key
 cert sample-keys/server.crt
+tls-auth sample-keys/ta.key 0
 ping 1
 inactive 120 10000000

diff --git a/sample/sample-config-files/server.conf b/sample/sample-config-files/server.conf
index 701be3ccee3faea96c0da3048bcd9c55cca59cd5..c85ca0ffdb0810859cdf83da1d8ec23450b84455 100644 (file)
--- a/sample/sample-config-files/server.conf
+++ b/sample/sample-config-files/server.conf
@@ -241,7 +241,7 @@ keepalive 10 120
 # a copy of this key.
 # The second parameter should be '0'
 # on the server and '1' on the clients.
-;tls-auth ta.key 0 # This file is secret
+tls-auth ta.key 0 # This file is secret
 
 # Select a cryptographic cipher.
 # This config item must be copied to

diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh
index 414687eb725e9cbab06a469467b5f8b0e4a50d1d..725cfc970c1e41c07a87549a2269368d6a408615 100755 (executable)
--- a/sample/sample-keys/gen-sample-keys.sh
+++ b/sample/sample-keys/gen-sample-keys.sh
@@ -14,6 +14,9 @@ then
     exit 1
 fi
 
+# Generate static key for tls-auth (or static key mode)
+$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
+
 # Create required directories and files
 mkdir -p sample-ca
 rm -f sample-ca/index.txt

diff --git a/sample/sample-keys/ta.key b/sample/sample-keys/ta.key
new file mode 100644 (file)
index 0000000..1669036
--- /dev/null
+++ b/sample/sample-keys/ta.key
@@ -0,0 +1,21 @@
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+a863b1cbdb911ff4ef3360ce135157e7
+241a465f5045f51cf9a92ebc24da34fd
+5fc48456778c977e374d55a8a7298aef
+40d0ab0c60b5e09838510526b73473a0
+8da46a8c352572dd86d4a871700a915b
+6aaa58a9dac560db2dfdd7ef15a202e1
+fca6913d7ee79c678c5798fbf7bd920c
+caa7a64720908da7254598b052d07f55
+5e31dc5721932cffbdd8965d04107415
+46c86823da18b66aab347e4522cc05ff
+634968889209c96b1024909cd4ce574c
+f829aa9c17d5df4a66043182ee23635d
+8cabf5a7ba02345ad94a3aa25a63d55c
+e13f4ad235a0825e3fe17f9419baff1c
+e73ad1dd652f1e48c7102fe8ee181e54
+10a160ae255f63fd01db1f29e6efcb8e
+-----END OpenVPN Static key V1-----