Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
GPL-2.0 License
Bot releases are hidden (Show)
Version 2.7.0 is the first fully complete feature set release. No further changes are planned.
The following files are contained within the release archive below:
This is the complete release file - Release archive: easytls-2.7.0.tar.gz
SHA256: 4fb4ea823dc6eed7beb6c95d191874f8f57737da848d0c6e4c30c904222c7218
The Assets found below are not required.
Published by TinCanTech almost 3 years ago
The first implementation of TLS-Crypt-V2 GROUP keys is cumbersome and inflexible, so it is being changed, slowly.
Please do not create any GROUP keys with this version, instead download easytls
over your current v2.6.0 version.
That is the only change required.
Better than that, clone the entire repo!
Introduce easytls-tctip.lib (Optional library)
Commit f85e95e4bdd4a6d74bb180a8859206e1452f5aa1
Shared IPv4/6 address functions
Introduce TLS-2 Key metadata "source IP" filter
Commit 343652d89f9bc6a7cf3d4bdd927102a2b6db778c
IPv4/6 Client source IP matching
Introduce new Level Security setting for client-connect
Commit 41e4699a2ef14ffc1998ded92f6d445da5fcb027
Help to transition clients to TLS-Crypt-V2 keys
Introduce TLS-Crypt-V2 Group Keys
Commit 9d165c9da585a6535c18dfddec7db12ee8cab50e
Commit e43542d95be12c5752d26158e34620bccb3eb25b
This allows Groups of users to use the same key
Add support for Openvpn dynamic client-connect file
Commit c89cdff35362feb4d7e01e64d74c94983bbc92be
This alows Openvpn server to push dynamic options
Allow multiple Custom_Groups per server
Commit 3c857413200cac30ea1f7b4fa951374e7bfc5424
This allows clients to be sub-divided by Custom_Group
Abandon easytls-verify.sh
Commit 682ba0ff48535f0575cc220be3717f89281f986d
Script is no longer required due to UV_TLSKEY_SERIAL
Add UV_TLSKEY_SERIAL to be pushed to server
Commit 5ccdb9f37a94ec92d7447afbcf08db7264a55213
All clients using TLS-Crypt-V2 keys must push the
TLS-Key serial number to identify the key
Removed option --openvpn
Commit cf413bd199c2b611314e895e8c9d1be30a02fd12
Development only requirement
Introduce vars files for server side scripts
Commit 12dcd3f3078be8266d194e1d0b90db716aec0f82
The command line was too long when run under Windows
due to the extra requirement of loading sh.exe
Published by TinCanTech about 3 years ago
Version 2.5 is a long term release.
There are no further changes planned. Only bug fixes, as bugs are identified.
To use Easy-TLS, download easytls
and easytls-openssl.cnf
from the list below.
To use all the features available then down load all the files below.
Published by TinCanTech over 3 years ago
Full support for No-CA mode.
Introduce No CA Mode.
No CA Mode allows Easy-TLS to function without the need for a CA and full PKI.
This means it can be used to build TLS-Crypt-V2 keys for self-signed certificates.
Usage:
./easyrsa
init-pki
./easytls init
no-ca
./easytls
self-sign-server
or self-sign-client
to create self-signed certificates.
These can then be used by OpenVPN using Peer-Fingerprint mode.
Published by TinCanTech over 3 years ago
First official release.