easy-tls

Version 2.7.0 is the first fully complete feature set release. No further changes are planned.

• The following files are contained within the release archive below:

  • easytls
  • easytls-cryptv2-verify.sh
  • easytls-cryptv2-verify.vars-example
  • easytls-client-connect.sh
  • easytls-client-connect.vars-example
  • easytls-client-disconnect.sh
  • easytls-client-disconnect.vars-example
  • easytls-conntrac.lib

• This is the complete release file - Release archive: easytls-2.7.0.tar.gz

  SHA256: 4fb4ea823dc6eed7beb6c95d191874f8f57737da848d0c6e4c30c904222c7218

The Assets found below are not required.

Version 2.6.0 is DOOMED

The first implementation of TLS-Crypt-V2 GROUP keys is cumbersome and inflexible, so it is being changed, slowly.
Please do not create any GROUP keys with this version, instead download easytls over your current v2.6.0 version.
That is the only change required.

Better than that, clone the entire repo!

The original v2.6.0 release follows:

Important changes

• Introduce easytls-tctip.lib (Optional library)
  Commit f85e95e4bdd4a6d74bb180a8859206e1452f5aa1
  Shared IPv4/6 address functions

• Introduce TLS-2 Key metadata "source IP" filter
  Commit 343652d89f9bc6a7cf3d4bdd927102a2b6db778c
  IPv4/6 Client source IP matching

• Introduce new Level Security setting for client-connect
  Commit 41e4699a2ef14ffc1998ded92f6d445da5fcb027
  Help to transition clients to TLS-Crypt-V2 keys

• Introduce TLS-Crypt-V2 Group Keys
  Commit 9d165c9da585a6535c18dfddec7db12ee8cab50e
  Commit e43542d95be12c5752d26158e34620bccb3eb25b
  This allows Groups of users to use the same key

• Add support for Openvpn dynamic client-connect file
  Commit c89cdff35362feb4d7e01e64d74c94983bbc92be
  This alows Openvpn server to push dynamic options

• Allow multiple Custom_Groups per server
  Commit 3c857413200cac30ea1f7b4fa951374e7bfc5424
  This allows clients to be sub-divided by Custom_Group

• Abandon easytls-verify.sh
  Commit 682ba0ff48535f0575cc220be3717f89281f986d
  Script is no longer required due to UV_TLSKEY_SERIAL

• Add UV_TLSKEY_SERIAL to be pushed to server
  Commit 5ccdb9f37a94ec92d7447afbcf08db7264a55213
  All clients using TLS-Crypt-V2 keys must push the
  TLS-Key serial number to identify the key

• Removed option --openvpn
  Commit cf413bd199c2b611314e895e8c9d1be30a02fd12
  Development only requirement

• Introduce vars files for server side scripts
  Commit 12dcd3f3078be8266d194e1d0b90db716aec0f82
  The command line was too long when run under Windows
  due to the extra requirement of loading sh.exe

Version 2.5 is a long term release.

There are no further changes planned. Only bug fixes, as bugs are identified.

To use Easy-TLS, download easytls and easytls-openssl.cnf from the list below.
To use all the features available then down load all the files below.

Full support for No-CA mode.

Introduce No CA Mode.

No CA Mode allows Easy-TLS to function without the need for a CA and full PKI.
This means it can be used to build TLS-Crypt-V2 keys for self-signed certificates.
Usage:
./easyrsa init-pki
./easytls init no-ca
./easytls self-sign-server or self-sign-client to create self-signed certificates.
These can then be used by OpenVPN using Peer-Fingerprint mode.

First official release.