summaryrefslogtreecommitdiff
path: root/op-mode-definitions
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-02-27 18:44:12 +0100
committerChristian Poessinger <christian@poessinger.com>2020-02-27 18:44:12 +0100
commit93d33b06b59a514485467ced5a48dc997a235c6c (patch)
tree13a6226c14463ecbefaec6d96f92f87e4c9a926d /op-mode-definitions
parente054dee8b8ab81f7f85bb93bd25110affa38fcd0 (diff)
downloadvyos-1x-93d33b06b59a514485467ced5a48dc997a235c6c.tar.gz
vyos-1x-93d33b06b59a514485467ced5a48dc997a235c6c.zip
openvpn: T2075: add support for OpenVPN tls-crypt file option
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy)
Diffstat (limited to 'op-mode-definitions')
0 files changed, 0 insertions, 0 deletions