Commit 2c43248

committed

fix: use tls crypt instead of tls auth

1 parent c6c7b74 commit 2c43248Copy full SHA for 2c43248

File tree

-5

lines changed

-5

lines changed

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ of a guarantee in the future.`
`193`	`193`	`* Proper PKI support integrated into image`
`194`	`194`	`* OpenVPN config files, PKI keys and certs are stored on a storage`
`195`	`195`	`volume for re-use across containers`
`196`		`-* Addition of tls-auth for HMAC security`
	`196`	`+* Addition of tls-crypt for security & censorship circumvention in some regions`
`197`	`197`
`198`	`198`	`## Originally Tested On`
`199`	`199`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,7 @@ key $EASYRSA_PKI/private/${OVPN_CN}.key`
`324`	`324`	`ca $EASYRSA_PKI/ca.crt`
`325`	`325`	`cert $EASYRSA_PKI/issued/${OVPN_CN}.crt`
`326`	`326`	`dh $EASYRSA_PKI/dh.pem`
`327`		`-tls-auth $EASYRSA_PKI/ta.key`
	`327`	`+tls-crypt $EASYRSA_PKI/ta.key`
`328`	`328`	`key-direction 0`
`329`	`329`	`keepalive $OVPN_KEEPALIVE`
`330`	`330`	`persist-key`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -59,16 +59,16 @@ $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt)`
`59`	`59`	`$(cat $EASYRSA_PKI/ca.crt)`
`60`	`60`	`</ca>`
`61`	`61`	`key-direction 1`
`62`		`-<tls-auth>`
	`62`	`+<tls-crypt>`
`63`	`63`	`$(cat $EASYRSA_PKI/ta.key)`
`64`		`-</tls-auth>`
	`64`	`+</tls-crypt>`
`65`	`65`	`"`
`66`	`66`	`elif [ "$mode" == "separated" ]; then`
`67`	`67`	`echo "`
`68`	`68`	`key ${cn}.key`
`69`	`69`	`ca ca.crt`
`70`	`70`	`cert ${cn}.crt`
`71`		`-tls-auth ta.key 1`
	`71`	`+tls-crypt ta.key 1`
`72`	`72`	`"`
`73`	`73`	`fi`
`74`	`74`

Comments

(0)