Configuring OpenVPN with Certificates—Simple TLS Mode
In Chapter 6, we worked with a configuration file like the following:
remote 10.10.10.103
dev tap
tls-client
ifconfig 10.3.0.2 255.255.255.0
dh keys/dh2048.pem
ca keys/ca.crt
cert keys/VPN-Client.crt
key keys/VPN-Client.key
In line 3 of our little configuration file, we find the parameter tls-client; on our Windows system we entered tls-server here. These entries cause openvpn to start TLS to protect the data transferred. All machines involved in the VPN need the same CA certificate and a local certificate and key pair issued by this CA. On connection, the two partners exchange their local certificates and validate the partner's certificate by checking if it was signed by the common CA. OpenVPN must know which files contain the CA and local certificate and key.
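The validation described above can be reproduced offline with the openssl command-line tool. The following script is an added example, not code from the book: it builds a throwaway CA, issues certificates from it, and shows that a certificate with the same name issued by a different CA is rejected. The names Demo-VPN-CA, Unrelated-CA and VPN-Server and the helper functions are assumptions made for the demonstration, and openssl verify only approximates the check OpenVPN performs during the TLS handshake.

```shell
#!/bin/sh
# Added example: every CA, key and certificate below is a throwaway sample
# generated in a temporary directory. Requires the openssl command-line tool.
set -eu

# make_ca DIR CN: create a self-signed CA (ca.key, ca.crt) in DIR.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CADIR NAME: create NAME.key plus NAME.crt signed by CADIR's CA.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 1 -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/$2.crt" 2>/dev/null
}

# peer_accepts CAFILE CERT: approximates the check each side applies to its
# partner's certificate, i.e. whether it was signed by the CA named in "ca".
peer_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: do the "cert" and "key" files belong together?
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_ca "$WORK/keys" Demo-VPN-CA      # CA shared by both peers (constructed)
make_ca "$WORK/other" Unrelated-CA    # CA that neither peer trusts
issue_cert "$WORK/keys" VPN-Server
issue_cert "$WORK/keys" VPN-Client
issue_cert "$WORK/other" VPN-Client   # same name, wrong issuer

for crt in keys/VPN-Server.crt keys/VPN-Client.crt other/VPN-Client.crt; do
    if peer_accepts "$WORK/keys/ca.crt" "$WORK/$crt"; then
        echo "$crt: accepted"
    else
        echo "$crt: rejected"
    fi
done
```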
The following table shows the main parameters that we need to adapt for use with certificates:
Parameter | Options | Function | Usage | Example |
| | Defines the... |