OpenVPN tls-auth directive

You can harden your OpenVPN security by adding the tls-auth directive.

First you need to generate a secret key (ta.key).
Start by running Command Prompt as administrator.
Go to the keys folder by running the following command:

cd /Program Files/OpenVPN/easy-rsa/keys

In the keys folder, run the following command:

openvpn –genkey –secret ta.key

A file named “ta.key” will be generated in the keys folder.
This key should be copied over a secure channel to all The clients.
It is to be placed in the same directory as the client certificate and keys files.

Now log in to the DD-WRT router (
Go to Services >> VPN
Configure the OpenVPN server as follows:

TLS Auth Key: paste ta.key content from and including —–BEGIN OpenVPN Static key V1—–

Press <Save>
Press <Apply Settings>
Now reboot router.

Now try to connect to your server with your existing client. It shouldn’t work.

Edit your client config file as follows:

tls-auth ta.key 1

Then re-connect with your modified client config file. Did it work?

Leave a Reply