Enable TLS Auth support
- 
 I am requesting TLS Auth support from within the GUI.
 Another box where a key can be inserted for OpenVPN. If the box is filled, TLS Auth should/can be enabled.
 The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. It can protect against:
   - DoS attacks or port flooding on the OpenVPN UDP port.
   - Port scanning to determine which server UDP ports are in a listening state.
   - Buffer overflow vulnerabilities in the SSL/TLS implementation.
   - SSL/TLS handshake initiations from unauthorized machines (while such handshakes would ultimately fail to authenticate, tls-auth can cut them off at a much earlier point).
 http://openvpn.net/howto.html#security
 In the meantime, I would like to get suggestions how to enable TLS Auth support on a pfsense linux box.
- 
 Search for openvpn and freebsd. BTW, pfsense is BSD, not Linux.
- 
 Search for openvpn and freebsd. BTW, pfsense is BSD, not Linux.
 Have searched the net a while now without finding anything useful.
 As you can see, I am not an expert in the unix world. Anyway, I was looking in the logfile for OpenVPN and found out that something was read from the /var/etc catalog. I went over there and found openvpn_server1.conf! So now I got it to work.
 My request about implementing this feature in the GUI still exists.
- 
 Please provide the directive you added to the conf file here, and I'll see if I can get a dev to add it to the ui. 
- 
 Greetings, you can use Custom options in OpenVPN settings for this feature:
 tls-auth /etc/tls_auth.key 0
 and then use Edit File and save your TLS key in this file: /etc/tls_auth.key
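 A check for the key file and directive described in the post above, as an added example that is not part of the original thread or of pfSense. The function names are hypothetical, the key is a constructed placeholder, and the file layout assumed is the "OpenVPN Static key V1" format written by openvpn --genkey --secret.

```shell
#!/bin/sh
# Added example: sanity checks for a tls-auth static key file and config line.

# check_tls_auth_key FILE: returns 0 if FILE is private and holds a 2048-bit key.
check_tls_auth_key() {
    key=$1
    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    # Group/other permission bits must all be clear (for example mode 600).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive ($perms): $key"; return 2; }
    # Collect the hex body between the static key markers.
    hex=$(sed -n '/^-----BEGIN OpenVPN Static key V1-----/,/^-----END OpenVPN Static key V1-----/p' "$key" |
        grep -v '^-----' | tr -d ' \r\n')
    case $hex in
        '' | *[!0-9a-fA-F]*) echo "no valid hex key body: $key"; return 3 ;;
    esac
    # 2048 bits = 256 bytes = 512 hex digits.
    [ "${#hex}" -eq 512 ] || { echo "bad key length (${#hex} hex digits): $key"; return 4; }
    echo "ok: $key"
}

# tls_auth_direction CONF: prints the key direction (0/1), "none" or "absent".
tls_auth_direction() {
    awk '$1 == "tls-auth" { print ($3 == "" ? "none" : $3); found = 1; exit }
         END { if (!found) print "absent" }' "$1"
}

# make_demo_key FILE: writes a CONSTRUCTED placeholder key (not a real secret).
make_demo_key() {
    {
        echo "-----BEGIN OpenVPN Static key V1-----"
        i=0
        while [ "$i" -lt 16 ]; do
            echo "00112233445566778899aabbccddeeff"
            i=$((i + 1))
        done
        echo "-----END OpenVPN Static key V1-----"
    } > "$1"
    chmod 600 "$1"
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
make_demo_key "$demo/tls_auth.key"
printf 'dev tun\ntls-auth /etc/tls_auth.key 0\n' > "$demo/server.conf"
check_tls_auth_key "$demo/tls_auth.key"
echo "direction: $(tls_auth_direction "$demo/server.conf")"
rm -rf "$demo"
```

 On the firewall, the same functions can be pointed at /etc/tls_auth.key and /var/etc/openvpn_server1.conf. A server using direction 0 expects its clients to use direction 1 with the same key file.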
- 
 you can use Custom options in OpenVPN settings for this feature : 
 tls-auth /etc/tls_auth.key 0
 and then use Edit File and save your TLS key in this file : /etc/tls_auth.key
 Thank you
 Easier than editing a file.
- 
 I've done this the manual way, but an extra input field would be a valuable addition to the openvpn configuration GUI. :) 
- 
 I'll have a look for it and create some GUI-patch… so watch out for answers of mine in this topic ;D 
- 
 So… it's ready... have a look at http://pfsense.trendchiller.com and look at the patches section… 
- 
 some bugs fixed… if you downloaded... please do so again... 
- 
 some bugs fixed… if you downloaded... please do so again...
 Will these features be coming in a future SNAP or version?
- 
 Yes, features are frozen until 1.3 release… Next release will be 1.2 and after release of 1.2 it will be in the new snaps :-) 
- 
 Hi all, can your patch be installed on a 1.2 RC2? Best regards
- 
 yes, it can… I also created a script for re-adding these features after upgrading to a new snap ;) from the gui:
 fetch -o /trendchiller.sh http://pfsense.trendchiller.com/patches/trendchiller.update
 chmod 744 /trendchiller.sh
 then execute /trendchiller.sh and have fun :-) 
- 
 for embedded this should work…
 fetch -o /etc/inc/openvpn.inc http://pfsense.trendchiller.com/patches/openvpn/_etc_inc/openvpn.inc
 fetch -o /usr/local/pkg/openvpn.xml http://pfsense.trendchiller.com/patches/openvpn/_usr_local_pkg/openvpn.xml
 fetch -o /usr/local/pkg/openvpn_cli.xml http://pfsense.trendchiller.com/patches/openvpn/_usr_local_pkg/openvpn_cli.xml
 fetch -o /usr/local/pkg/openvpn_csc.xml http://pfsense.trendchiller.com/patches/openvpn/_usr_local_pkg/openvpn_csc.xml