Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
Version 2.7.0 is the first fully complete feature set release. No further changes are planned.
The following files are contained within the release archive below:
This is the complete release file - Release archive: easytls-2.7.0.tar.gz
SHA256: 4fb4ea823dc6eed7beb6c95d191874f8f57737da848d0c6e4c30c904222c7218
The Assets found below are not required.
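An added example (not part of the Easy-TLS release notes or the project's code) that checks a downloaded archive against the SHA256 published above before unpacking it. The function names and the destination directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded archive against the published SHA256.
# Digest and file name are the ones given in the release note above.
EXPECTED_SHA256='4fb4ea823dc6eed7beb6c95d191874f8f57737da848d0c6e4c30c904222c7218'
ARCHIVE='easytls-2.7.0.tar.gz'

# Print the lowercase hex SHA256 of FILE with whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_archive FILE DIGEST
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_archive() {
    archive=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$archive" ] || { echo "not a file: $archive" >&2; return 2; }
    # A SHA256 digest is exactly 64 hex characters; reject anything else
    # so a truncated or mistyped value cannot be compared.
    case $expected in
        *[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not 64 chars" >&2; return 2; }
    actual=$(file_sha256 "$archive")
    [ "$actual" = "$expected" ] && return 0
    echo "SHA256 mismatch for $archive" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# verified_extract FILE DIGEST DESTDIR (hypothetical helper)
# Unpacks only after the digest check has passed.
verified_extract() {
    verify_archive "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Typical call, run from the download directory:
#   verified_extract "$ARCHIVE" "$EXPECTED_SHA256" ./easytls-2.7.0
```

The digest only proves the file matches what the release page lists, so it should be read from the release page itself rather than from a copy stored next to the download.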
The first implementation of TLS-Crypt-V2 GROUP keys is cumbersome and inflexible, so it is being changed, slowly.
Please do not create any GROUP keys with this version; instead, download easytls over your current v2.6.0 version.
That is the only change required.
Better than that, clone the entire repo!
Introduce easytls-tctip.lib, an optional library (commit f85e95e4bdd4a6d74bb180a8859206e1452f5aa1): shared IPv4/6 address functions.
Introduce TLS-2 Key metadata "source IP" filter (commit 343652d89f9bc6a7cf3d4bdd927102a2b6db778c): IPv4/6 client source IP matching.
Introduce new Level Security setting for client-connect (commit 41e4699a2ef14ffc1998ded92f6d445da5fcb027): helps to transition clients to TLS-Crypt-V2 keys.
Introduce TLS-Crypt-V2 Group Keys (commits 9d165c9da585a6535c18dfddec7db12ee8cab50e and e43542d95be12c5752d26158e34620bccb3eb25b): this allows groups of users to use the same key.
Add support for OpenVPN dynamic client-connect file (commit c89cdff35362feb4d7e01e64d74c94983bbc92be): this allows the OpenVPN server to push dynamic options.
Allow multiple Custom_Groups per server (commit 3c857413200cac30ea1f7b4fa951374e7bfc5424): this allows clients to be sub-divided by Custom_Group.
Abandon easytls-verify.sh (commit 682ba0ff48535f0575cc220be3717f89281f986d): the script is no longer required due to UV_TLSKEY_SERIAL.
Add UV_TLSKEY_SERIAL to be pushed to server (commit 5ccdb9f37a94ec92d7447afbcf08db7264a55213): all clients using TLS-Crypt-V2 keys must push the TLS-Key serial number to identify the key.
Removed option --openvpn (commit cf413bd199c2b611314e895e8c9d1be30a02fd12): development-only requirement.
Introduce vars files for server side scripts (commit 12dcd3f3078be8266d194e1d0b90db716aec0f82): the command line was too long when run under Windows due to the extra requirement of loading sh.exe.
Version 2.5 is a long term release.
No further changes are planned, only bug fixes as bugs are identified.
To use Easy-TLS, download easytls and easytls-openssl.cnf from the list below.
To use all the available features, download all the files below.
Full support for No-CA mode.
Introduce No CA Mode.
No CA Mode allows Easy-TLS to function without the need for a CA and full PKI.
This means it can be used to build TLS-Crypt-V2 keys for self-signed certificates.
Usage:
./easyrsa init-pki
./easytls init no-ca
./easytls self-sign-server or self-sign-client to create self-signed certificates.
These can then be used by OpenVPN using Peer-Fingerprint mode.
First official release.