Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What is the OpenVPN shared key

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      programster
      last edited by

      I used the following tutorial to automatically create an openvpn server:

      http://programster.blogspot.co.uk/2014/06/centos-65-install-openvpn-server.html

      I currently use this server by connecting through the CLI using the 4 files I have locally. The:

      • ca.crt
      • client.conf
      • client1.crt
      • client1.key

      This is a "shared" client, such that I can connect with the same details from multiple computers with no issue, and do not have to enter a password. Each client is dynamically given an ip such as 10.8.0.26

      I am now trying to set my router to act as the client instead. Most of the settings when configuring the openvpn client were pretty straightforward except for the TLS Authentication. Do I have a shared key and if so, which of those files is it? I could only see certificates and private keys, not a public key. Or perhaps I need to use the client1.key private key?

      Also, I read somewhere that Blowfish is the default encryption algorithm, but is there some way to check?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If you have a TLS authentication key configured on the server, you need the same key on the client.  If not, you don't.

        pfSense stores the TLS authentication key as clientX.tls-auth and serverX.tls-auth.

        This is used in the server using tls-auth /var/etc/openvpn/server2.tls-auth 0

        I guess if your CentOS config is doing something similar, you'll find the key in there.  If you don't need a tls-auth key to connect via CLI, I guess your walkthrough didn't configure TLS Authentication and you need to turn it off in the client's GUI.

        Why not just use pfSense as your OpenVPN server?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.