What is the OpenVPN shared key



  • I used the following tutorial to automatically create an OpenVPN server:

    http://programster.blogspot.co.uk/2014/06/centos-65-install-openvpn-server.html

    I currently use this server by connecting through the CLI using the 4 files I have locally:

    • ca.crt
    • client.conf
    • client1.crt
    • client1.key

    This is a "shared" client, such that I can connect with the same details from multiple computers with no issue, and do not have to enter a password. Each client is dynamically given an IP such as 10.8.0.26.

    I am now trying to set my router to act as the client instead. Most of the settings when configuring the OpenVPN client were pretty straightforward except for the TLS Authentication. Do I have a shared key and if so, which of those files is it? I could only see certificates and private keys, not a public key. Or perhaps I need to use the client1.key private key?

    Also, I read somewhere that Blowfish is the default encryption algorithm, but is there some way to check?


  • LAYER 8 Netgate

    If you have a TLS authentication key configured on the server, you need the same key on the client.  If not, you don't.

    pfSense stores the TLS authentication key as clientX.tls-auth and serverX.tls-auth.

    This is used in the server using tls-auth /var/etc/openvpn/server2.tls-auth 0

    I guess if your CentOS config is doing something similar, you'll find the key in there.  If you don't need a tls-auth key to connect via CLI, I guess your walkthrough didn't configure TLS Authentication and you need to turn it off in the client's GUI.

    Why not just use pfSense as your OpenVPN server?


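Both questions in this thread (is a TLS authentication key configured, and which cipher is set) can be answered from the config files themselves; the script below is an added example, not code from either post, and it also checks that a server and client agree on the key direction. The function names and the sample configs are constructed for illustration; `tls-auth`, `tls-crypt`, `key-direction` and `cipher` are real OpenVPN directives.

```shell
# Added example, not from the thread: report tls-auth and cipher settings.
# Print the arguments of the first uncommented <directive> line in <config>.
ovpn_directive() {  # usage: ovpn_directive <directive> <config>
    awk -v d="$1" '
        /^[ \t]*[#;]/ { next }                    # skip whole-line comments
        { sub(/[ \t]+[#;].*$/, "") }              # drop trailing comments
        $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$2"
}

# Print none, tls-crypt, "file <path> direction=<n>" or "inline direction=<n>".
ovpn_tls_auth() {  # usage: ovpn_tls_auth <config>
    cfg=$1
    line=$(ovpn_directive tls-auth "$cfg")
    if [ -n "$line" ]; then
        path=${line%% *}; dir=${line#"$path"}; dir=${dir# }
        echo "file $path direction=${dir:-none}"
    elif grep -q '^[[:space:]]*<tls-auth>' "$cfg"; then
        dir=$(ovpn_directive key-direction "$cfg")   # inline key block
        echo "inline direction=${dir:-none}"
    elif [ -n "$(ovpn_directive tls-crypt "$cfg")" ] ||
         grep -q '^[[:space:]]*<tls-crypt>' "$cfg"; then
        echo "tls-crypt"
    else
        echo "none"
    fi
}

# Print the cipher directive, or "unset" when the version's default applies.
ovpn_cipher() { c=$(ovpn_directive cipher "$1"); echo "${c:-unset}"; }

# Succeed only if both ends agree: no key on either side, tls-crypt on both,
# or tls-auth with complementary directions (0/1) or no direction on both.
ovpn_tls_auth_compatible() {  # usage: ovpn_tls_auth_compatible <server> <client>
    s=$(ovpn_tls_auth "$1"); c=$(ovpn_tls_auth "$2")
    case "${s##* }/${c##* }" in
        none/none|tls-crypt/tls-crypt|direction=none/direction=none) return 0 ;;
        direction=0/direction=1|direction=1/direction=0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configs; only the tls-auth path comes from the reply above.
demo=$(mktemp -d)
printf '%s\n' 'dev tun' 'cipher AES-256-CBC' \
    'tls-auth /var/etc/openvpn/server2.tls-auth 0  # server side' > "$demo/server.conf"
printf '%s\n' 'client' 'ca ca.crt' 'cert client1.crt' 'key client1.key' > "$demo/cli.conf"
printf '%s\n' 'client' 'key-direction 1' '<tls-auth>' '# key omitted' '</tls-auth>' > "$demo/router.conf"
for f in server cli router; do echo "$f: $(ovpn_tls_auth "$demo/$f.conf"), cipher $(ovpn_cipher "$demo/$f.conf")"; done
```

A result of `none` for a client config that connects successfully means the server has no TLS authentication key either, so the option should be disabled on the router.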