What is the OpenVPN shared key
-
I used the following tutorial to automatically create an OpenVPN server:
http://programster.blogspot.co.uk/2014/06/centos-65-install-openvpn-server.html
I currently use this server by connecting through the CLI using the 4 files I have locally:
- ca.crt
- client.conf
- client1.crt
- client1.key
This is a "shared" client, such that I can connect with the same details from multiple computers with no issue, and do not have to enter a password. Each client is dynamically given an IP such as 10.8.0.26.
I am now trying to set my router to act as the client instead. Most of the settings when configuring the OpenVPN client were pretty straightforward except for the TLS Authentication. Do I have a shared key and if so, which of those files is it? I could only see certificates and private keys, not a public key. Or perhaps I need to use the client1.key private key?
Also, I read somewhere that Blowfish is the default encryption algorithm, but is there some way to check?
-
If you have a TLS authentication key configured on the server, you need the same key on the client. If not, you don't.
pfSense stores the TLS authentication key as clientX.tls-auth and serverX.tls-auth.
This is used in the server using tls-auth /var/etc/openvpn/server2.tls-auth 0
I guess if your CentOS config is doing something similar, you'll find the key in there. If you don't need a tls-auth key to connect via CLI, I guess your walkthrough didn't configure TLS Authentication and you need to turn it off in the client's GUI.
Why not just use pfSense as your OpenVPN server?