OpenVPN tls-auth directive
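You can harden your OpenVPN setup by adding the tls-auth directive. It adds an HMAC signature to the TLS handshake packets, so the server drops any packet that was not signed with the shared key.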
First you need to generate a secret key (ta.key).
Start by running Command Prompt as administrator.
Go to the keys folder by running the following command:
cd "\Program Files\OpenVPN\easy-rsa\keys"
In the keys folder, run the following command:
openvpn --genkey --secret ta.key
A file named “ta.key” will be generated in the keys folder.
This key should be copied over a secure channel to all the clients.
Place it in the same directory as the client certificate and key files.
Now log in to the DD-WRT router (192.168.22.1).
Go to Services >> VPN
Configure the OpenVPN server as follows:
TLS Auth Key: paste ta.key content from and including -----BEGIN OpenVPN Static key V1-----
Press <Save>
Press <Apply Settings>
Now reboot router.
Now try to connect to your server with your existing client. It shouldn’t work.
Edit your client config file as follows:
tls-auth ta.key 1
Then re-connect with your modified client config file. Did it work?
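If the connection fails after these steps, the usual causes are a truncated paste in the router's TLS Auth Key field or a client config without the direction argument. The following check is an added example, not part of the original guide: it compares the text pasted into the router with the client's ta.key and verifies the client's tls-auth line. The function names are hypothetical, the sample key is constructed (not a real secret), and the layout of 16 rows of 32 hex digits is assumed to be what the genkey command above produced.

```python
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def parse_static_key(text):
    """Return the 256 raw key bytes from ta.key text, or raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines()]
    if BEGIN not in lines or END not in lines:
        raise ValueError("BEGIN/END marker missing (incomplete paste?)")
    body = lines[lines.index(BEGIN) + 1:lines.index(END)]
    key = bytes.fromhex("".join(body))  # ValueError on non-hex characters
    if len(key) != 256:  # a 2048-bit static key is 16 rows of 32 hex digits
        raise ValueError("expected 256 key bytes, got %d" % len(key))
    return key

def client_tls_auth(config_text):
    """Return (key file, direction) from the client's tls-auth line, or None."""
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        m = re.match(r'tls-auth\s+("[^"]+"|\S+)(?:\s+([01]))?$', line)
        if m:
            return m.group(1).strip('"'), m.group(2)
    return None

def check(router_paste, client_key, client_conf):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    try:
        if parse_static_key(router_paste) != parse_static_key(client_key):
            problems.append("router paste and client ta.key hold different keys")
    except ValueError as exc:
        problems.append(str(exc))
    ta = client_tls_auth(client_conf)
    if ta is None:
        problems.append("client config has no tls-auth line")
    elif ta[1] != "1":
        problems.append("client tls-auth direction is not 1")
    return problems

def make_sample_key():
    """Constructed, non-secret sample in ta.key layout (bytes 0x00..0xff)."""
    h = bytes(range(256)).hex()
    rows = [h[i:i + 32] for i in range(0, 512, 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN] + rows + [END])

if __name__ == "__main__":
    print(check(make_sample_key(), make_sample_key(), "client\ntls-auth ta.key 1\n"))
```

Run it on the machine that already holds ta.key, passing in the text copied from the router page and the contents of the client config file.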