Ecosyste.ms: Awesome


https://github.com/tincantech/easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.

automation certificates cryptography easyrsa inline keys openvpn openvpn-peer-fingerprint openvpn-tls-crypt-v2 shell-script tls vpn x509


[![CI](https://github.com/TinCanTech/easy-tls/actions/workflows/blank.yml/badge.svg)](https://github.com/TinCanTech/easy-tls/actions/workflows/blank.yml)
# Easy-TLS

Of the files in this repository, the only one you need is: [**`easytls`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls)

## Standard Features
Easy-TLS is an Easy-RSA extension utility to help manage:
+ Easy-RSA based x509 security credentials
+ OpenVPN specific TLS keys
+ Verified **`Inline`** files for use with OpenVPN
+ Concise OpenVPN TLS-Crypt-V2 Client Key Metadata definition
+ X509 Certificate **and matched** Easy-TLS Inline-file Expiry management tools
+ Substantial **Interactive Menus**

## Additional Features
Easy-TLS also supports No-CA mode, which does not require an Easy-RSA CA:
+ Use Easy-TLS to build **self-signed** X509 Certificates and keys.

### Installation
Download: [**`easytls`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls) to your `easyrsa3` working directory.

For full support, you will also need these scripts for use by your OpenVPN Server:
+ [**`easytls-cryptv2-verify.sh (1)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-cryptv2-verify.sh) - **Can be used stand-alone**

Used by the OpenVPN server to enforce TLS-Crypt-V2 `metadata` access policy rules.

+ [**`easytls-client-connect.sh (2)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-client-connect.sh) - **Requires script `(1)(3)`**

Used by the OpenVPN server to enforce `TLS-Key-type` and `address-filter` access policy rules.

+ [**`easytls-client-disconnect.sh (3)`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-client-disconnect.sh) - **Requires script `(1)(2)`**

This Disconnect script is **required by** the Connect script.

+ Optional - [**`easytls-conntrac.lib`**](https://github.com/TinCanTech/easy-tls/blob/master/easytls-conntrac.lib) - **Requires script `(1)(2)(3)`**

Connection tracking plug-in, required for optional connection tracking.

### Environment
**`easytls`** is intended to work **everywhere** that **`openvpn`** and **`easyrsa`** work.

### Requirements
+ Easy-RSA Version 3.0.6+
+ OpenVPN Version 2.5.0+

### Support
Please use the issues section here on GitHub.

For live support you can use IRC channel: **libera.chat/#easytls**

Wiki: https://github.com/TinCanTech/easy-tls/wiki

Howto: https://github.com/TinCanTech/easy-tls/blob/master/EasyTLS-Howto-ii.md

## Acknowledgements
Easy-TLS is *written in the style of* and *borrows heavily from* Easy-RSA.

See: https://github.com/OpenVPN/easy-rsa

**Note:**

This is intended to facilitate maximum compatibility with Easy-RSA while extending functionality to include direct support for OpenVPN-specific TLS keys and Inline credentials.

### Easy-TLS is inspired by **syzzer**

See: https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt

I hope that you find Easy-TLS to be a useful tool.