TLS keydir direction
-
It appears that no matter what I set the value to, the "TLS keydir direction" under VPN -> OpenVPN -> Clients isn't accepted and remains set to "Use default direction" on the web interface. However, the option is completely missing in the pfsense config file. It should be under:
<openvpn-client>
...
<tlsauth_keydir></tlsauth_keydir> MISSING
This breaks the tunnel I'm trying to bring up. Anyone experiencing the same?
I'm running 2.4.5-RELEASE-p1.
-
I tried on pfSense 2.4.5-p1 and 2.5.0 and in both cases, I was able to set the TLS key direction to any of the possible values and it changed as expected, and was reflected in config.xml.
-
Are you certain you have the VPN set to a mode where that is relevant? It would only be relevant in SSL/TLS mode with an active TLS key, not in shared key mode.
-
I've got a simple PSK based VPN, but with directional keys. The server is on a Linux box where 0 follows the static key and the pfsense is the client where 1 would be set.
[root@ovpnserver] # openvpn \
    --ifconfig X.X.X.X X.X.X.X \
    --dev tun \
    --secret secret.key 0 \
    --verb 7
Would "TLS keydir direction" in pfsense be only applicable to TLS/SSL mode? If so, PSK with directional keys isn't supported then?
-
A shared key is not a TLS key.
The shared key setting in pfSense doesn't support a direction.
-
I had this feeling and thanks for confirming it. I'll remove the direction.
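
Why the tunnel in this thread breaks when the Linux end uses `--secret secret.key 0` and the pfSense end cannot set a direction, as an added Python sketch that is not from the original posts or from OpenVPN or pfSense code. It assumes the 256-byte static key splits into two 128-byte slots (64-byte cipher key, then 64-byte HMAC key), uses HMAC-SHA256 as a stand-in for the tunnel's packet authentication, and all function names and the key bytes are hypothetical.

```python
import hashlib
import hmac

SLOT_LEN = 128      # assumed layout: 64-byte cipher key + 64-byte HMAC key
KEY_FILE_LEN = 256  # a 2048-bit static key holds two such slots

def select_slots(direction):
    """Return (send_slot, recv_slot) for a key direction of None, 0 or 1."""
    if direction is None:   # no direction: one slot shared by both flows
        return 0, 0
    if direction == 0:
        return 0, 1
    if direction == 1:
        return 1, 0
    raise ValueError("direction must be None, 0 or 1")

def hmac_key(static_key, slot):
    """HMAC half (last 64 bytes) of the chosen slot."""
    if len(static_key) != KEY_FILE_LEN:
        raise ValueError("expected 256 bytes of key material")
    start = slot * SLOT_LEN + 64
    return static_key[start:start + 64]

def send(static_key, direction, payload):
    """Prefix the payload with a tag made from this peer's send slot."""
    slot, _ = select_slots(direction)
    tag = hmac.new(hmac_key(static_key, slot), payload, hashlib.sha256).digest()
    return tag + payload

def receive(static_key, direction, packet):
    """True if the tag verifies under this peer's receive slot."""
    _, slot = select_slots(direction)
    tag, payload = packet[:32], packet[32:]
    want = hmac.new(hmac_key(static_key, slot), payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, want)

def tunnel_works(static_key, dir_a, dir_b):
    """True only if packets authenticate in both directions."""
    a_to_b = receive(static_key, dir_b, send(static_key, dir_a, b"ping"))
    b_to_a = receive(static_key, dir_a, send(static_key, dir_b, b"pong"))
    return a_to_b and b_to_a

KEY = bytes(range(256))  # constructed stand-in for the bytes in secret.key

if __name__ == "__main__":
    # (server direction, client direction); None means no direction set
    for a, b in [(0, 1), (None, None), (0, None), (0, 0)]:
        state = "up" if tunnel_works(KEY, a, b) else "auth failure"
        print(f"server={a} client={b} -> {state}")
```

In this model only the 0/1 pairing and the no-direction pairing authenticate in both flows, which matches the outcome of the thread: with a shared key on pfSense, the direction has to come off the Linux side as well.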