This recipe uses OpenVPN secret keys to secure the VPN tunnel. It is very similar to the previous recipe, but this time, we will use a shared secret key to encrypt the traffic between the client and the server.
Install OpenVPN 2.3.9 or higher on two computers. Make sure the computers are connected over a network. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.9 and the client was running Windows 7 64 bit and OpenVPN 2.3.10.
[root@server]# openvpn --genkey --secret secret.key
scp
).[root@server]# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key
[WinClient] C:>"Program FilesOpenVPNinopenvpn.exe" --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote openvpnserver.example.com
The connection is now established, as shown in the following screenshot:
This example works exactly as the first one: the server listens to the incoming connections on UDP port 1194
. The client connects to the server on this port. After the initial handshake, the server configures the first available TUN device with the IP address 10.200.0.1
and it expects the remote end (Peer address) to be 10.200.0.2
. The client does the opposite.
By default, OpenVPN uses two symmetric keys when setting up a point-to-point connection:
--secret
parameter.An OpenVPN secret key file is formatted as follows:
# # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- <16 lines of random bytes> -----END OpenVPN Static key V1-----
From the random bytes, the OpenVPN Cipher and HMAC keys are derived. Note that these keys are the same for each session.
3.15.17.1