openvpn-install

mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-15 16:37:03 +01:00

Files

Stanislas 3561d13389 feat: add tls-crypt-v2 support with per-client keys (#1377 )

## Summary

- Add support for OpenVPN's `tls-crypt-v2` feature (per-client TLS keys)
- Set `tls-crypt-v2` as the new recommended default
- Add CI tests for all 3 TLS key types

Closes #983
Closes #758
Closes https://github.com/angristan/openvpn-install/pull/1257

## What is tls-crypt-v2?

Unlike `tls-crypt` (shared key), `tls-crypt-v2` generates unique keys
per client:

- **Better security**: Compromised client keys don't affect other
clients
- **Easier management**: Individual client key revocation without
regenerating server key
- **Scalability**: Better suited for large deployments

Requires OpenVPN 2.5+ (released 2020).

## Menu options

```
1) tls-crypt-v2 (recommended): Encrypts control channel, unique key per client
2) tls-crypt: Encrypts control channel, shared key for all clients
3) tls-auth: Authenticates control channel, no encryption
```

2025-12-13 14:32:38 +01:00

client-entrypoint.sh

feat: add run_cmd_fatal, fix Fedora, improve CI (#1369 )

2025-12-13 13:31:54 +01:00

Dockerfile.client

Refactor Unbound setup and add E2E tests (#1340 )

2025-12-11 13:14:56 +01:00

Dockerfile.server

feat: enable proper systemd support in Docker tests (#1373 )

2025-12-13 01:14:54 +01:00

server-entrypoint.sh

feat: add tls-crypt-v2 support with per-client keys (#1377 )

2025-12-13 14:32:38 +01:00

validate-output.sh

Add structured logging system with color-coded output and file logging (#1321 )

2025-12-09 15:52:37 +01:00