OpenVPN, Does Perfect Forward Secrecy Key Need To Be Kept Private?Openvpn plugin openvpn-auth-ldap does not...
Perfect riffle shuffles
My boss asked me to take a one-day class, then signs it up as a day off
Adding empty element to declared container without declaring type of element
When is separating the total wavefunction into a space part and a spin part possible?
Can a Gentile theist be saved?
What is the term when two people sing in harmony, but they aren't singing the same notes?
Stereotypical names
I'm in charge of equipment buying but no one's ever happy with what I choose. How to fix this?
Should my PhD thesis be submitted under my legal name?
How do ultrasonic sensors differentiate between transmitted and received signals?
What would you call a finite collection of unordered objects that are not necessarily distinct?
Would it be legal for a US State to ban exports of a natural resource?
Greatest common substring
How can I successfully establish a nationwide combat training program for a large country?
Female=gender counterpart?
Java - What do constructor type arguments mean when placed *before* the type?
Organic chemistry Iodoform Reaction
Can the electrostatic force be infinite in magnitude?
Is a naturally all "male" species possible?
A car is moving at 40 km/h. A fly at 100 km/h, starts from wall towards the car(20 km away)flies to car and back. How many trips can it make?
Resetting two CD4017 counters simultaneously, only one resets
A Standard Integral Equation
Are Warlocks Arcane or Divine?
Can somebody explain Brexit in a few child-proof sentences?
OpenVPN, Does Perfect Forward Secrecy Key Need To Be Kept Private?
Openvpn plugin openvpn-auth-ldap does not bind to Active DirectoryWhy is my OpenVPN Client not connecting to the server? Amazon EC2 WindowsIssue with setting up Telnet Management on Open VPN ServerHow to use a Linux OpenVPN client host as gateyway for a Windows OpenVPN client host?OpenVPN allow two clients to connect to each other without using client-to-client globallyFix 'TLS Error: TLS handshake failed' on OpenVPN clientOpenVPN client to client without default gatewayOpenVpn Client credentials security, key crt generationInability to ping an OpenVPN client from the serverSetup OpenVPN 2.4 server and client to a complete unencrypted connection
On my OpenVPN server I generate a pfs.key file (perfect forward secrecy) using the command ./easyrsa gen-dh, in my client configuration file it includes this pfs.key file (and in server configuration file), so my question is, is it 'safe' to give clients the generated pfs.key file? I.e. Would giving clients the pfs.key file be of any concern in terms of security?
The client config includes the pfs.key file like so
tls-auth /path/to/pfs.key
openvpn
asked 9 mins ago
thehaxdevthehaxdev
153
add a comment |
On my OpenVPN server I generate a pfs.key file (perfect forward secrecy) using the command ./easyrsa gen-dh, in my client configuration file it includes this pfs.key file (and in server configuration file), so my question is, is it 'safe' to give clients the generated pfs.key file? I.e. Would giving clients the pfs.key file be of any concern in terms of security?
The client config includes the pfs.key file like so
tls-auth /path/to/pfs.key
openvpn
asked 9 mins ago
thehaxdevthehaxdev
153
add a comment |
On my OpenVPN server I generate a pfs.key file (perfect forward secrecy) using the command ./easyrsa gen-dh, in my client configuration file it includes this pfs.key file (and in server configuration file), so my question is, is it 'safe' to give clients the generated pfs.key file? I.e. Would giving clients the pfs.key file be of any concern in terms of security?
The client config includes the pfs.key file like so
tls-auth /path/to/pfs.key
openvpn
asked 9 mins ago
thehaxdevthehaxdev
153
On my OpenVPN server I generate a pfs.key file (perfect forward secrecy) using the command ./easyrsa gen-dh, in my client configuration file it includes this pfs.key file (and in server configuration file), so my question is, is it 'safe' to give clients the generated pfs.key file? I.e. Would giving clients the pfs.key file be of any concern in terms of security?
The client config includes the pfs.key file like so
tls-auth /path/to/pfs.key
openvpn
openvpn
asked 9 mins ago
thehaxdevthehaxdev
153
asked 9 mins ago
thehaxdevthehaxdev
153
asked 9 mins ago
thehaxdevthehaxdev
153
asked 9 mins ago
thehaxdevthehaxdev
153
asked 9 mins ago
thehaxdevthehaxdev
153
153
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f959944%2fopenvpn-does-perfect-forward-secrecy-key-need-to-be-kept-private%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f959944%2fopenvpn-does-perfect-forward-secrecy-key-need-to-be-kept-private%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
