I installed OpenVPN and generated the .crt and .key files, but I was not able to generate the ta.key file, which gives me options error : --tls-auth fails with ta.key : No such file or directory. How can I create this file? I couldn't find ta.key in any directory of OpenVPN.
3 Answers
If you do not have a ta.key, of course tls-auth will fail. You may:
- drop the tls-auth instruction altogether. This is not a major dent in your security: the Manual in fact states:
This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic.
- or you may now generate the ta.key:
openvpn --genkey --secret /etc/openvpn/easy-rsa/keys/ta.key
It is not too late for this.
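A pre-flight check for the error in the question, as an added example that is not part of the original answers: it finds the tls-auth line in a config, resolves the key path, and confirms the file exists, looks like an OpenVPN static key, and is not readable by group or others. The function name check_tls_auth and its return codes are hypothetical, and it assumes relative paths resolve against the directory OpenVPN is started from and that the path contains no spaces.

```shell
#!/bin/sh
# check_tls_auth CONFIG [WORKDIR]  (hypothetical helper, not part of OpenVPN)
# Prints one diagnostic line and returns:
#   0 key present and well-formed   1 no tls-auth directive
#   2 key file missing              3 not a static key file
#   4 key readable by group/others
# WORKDIR: directory OpenVPN is started from (assumption: relative paths in
# the config are resolved against it); defaults to the config's directory.
check_tls_auth() {
    conf=$1
    workdir=${2:-$(dirname "$conf")}
    # First active "tls-auth <file> [direction]" line; lines starting with
    # '#' or ';' never have "tls-auth" as their first field.
    key=$(awk '$1 == "tls-auth" { print $2; exit }' "$conf")
    if [ -z "$key" ]; then
        echo "no tls-auth directive in $conf"
        return 1
    fi
    case $key in
        /*) path=$key ;;
        *)  path=$workdir/$key ;;
    esac
    if [ ! -f "$path" ]; then
        echo "missing: $path (this is the 'No such file or directory' case)"
        return 2
    fi
    if ! grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$path"; then
        echo "not an OpenVPN static key: $path"
        return 3
    fi
    # ta.key is a shared secret: characters 5-10 of the ls mode string are
    # the group and other permission bits and must all be '-'.
    perms=$(ls -ld "$path" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open on $path (try chmod 600)"
        return 4
    fi
    echo "ok: $path"
    return 0
}

# Stand-alone use: sh check_tls_auth.sh /etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then
    check_tls_auth "$@"
fi
```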
In my case, I messed up my /etc/openvpn/server.conf while editing.
Reinstalling OpenVPN fixed my issue.
I recommend making a backup before an edit.