Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tincantech/easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
https://github.com/tincantech/easy-tls

automation certificates cryptography easyrsa inline keys openvpn openvpn-peer-fingerprint openvpn-tls-crypt-v2 shell-script tls vpn x509

Last synced: 13 days ago
JSON representation

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.

Awesome Lists containing this project

README 

        
[![CI](https://github.com/TinCanTech/easy-tls/actions/workflows/blank.yml/badge.svg)](https://github.com/TinCanTech/easy-tls/actions/workflows/blank.yml)

# Easy-TLS



From that list above, the only file which you need is: [**`easytls`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls)



## Standard Features

Easy-TLS is an Easy-RSA extension utility to help manage:

+ Easy-RSA based x509 security credentials

+ OpenVPN specific TLS keys

+ Verified **`Inline`** files for use with OpenVPN

+ Concise OpenVPN TLS-Crypt-V2 Client Key Metadata definition

+ X509 Certificate **and matched** Easy-TLS Inline-file Expiry management tools

+ Substantial **Inter-active Menus**



## Additional Features

Easy-TLS also supports No-CA mode, which does not require an Easy-RSA CA:

+ Use Easy-TLS to build **self-signed** X509 Certificates and keys.



### Installation

Download: [**`easytls`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls) to your `easyrsa3` working directory.



For full support, you will also need these scripts for use by your OpenVPN Server:

+ [**`easytls-cryptv2-verify.sh (1)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-cryptv2-verify.sh) - **Can be used stand-alone**


  Used by Openvpn-Server to enforce TLS-Crypt-V2 `metadata` access policy rules.



+ [**`easytls-client-connect.sh (2)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-client-connect.sh) - **Requires script `(1)(3)`**


  Used by Openvpn-Server to enforce `TLS-Key-type` and `address-filter` access policy rules.



+ [**`easytls-client-disconnect.sh (3)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-client-disconnect.sh) - **Requires script `(1)(2)`**


  This Disconnect script is **required by** the Connect script.



+ Optional - [**`easytls-conntrac.lib`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-conntrac.lib) - **Requires script `(1)(2)(3)`**


  Connection tracking plug-in, required for optional connection tracking.



### Environment

**`easytls`** is intended to work **everywhere** that **`openvpn`** and **`easyrsa`** work.



### Requirements

+ Easy-RSA Version 3.0.6+

+ OpenVPN Version 2.5.0+



### Support

Please use the issues section here on github.


For live support you can use IRC channel: **libera.chat/#easytls**


Wiki: https://github.com/TinCanTech/easy-tls/wiki


Howto: https://github.com/TinCanTech/easy-tls/blob/master/EasyTLS-Howto-ii.md



## Acknowledgements

Easy-TLS is *written in the style of* and *borrows heavily from* Easy-RSA


See: https://github.com/OpenVPN/easy-rsa


**Note:**


This is intended to facilitate maximum compatibility with Easy-RSA while extending functionality


to include direct support for OpenVPN specific TLS keys and Inline credentials.



### Easy-TLS is inspired by **syzzer**


See: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt



I hope that you find Easy-TLS to be a useful tool.