Multiple secret keys
As stated in the previous recipe, OpenVPN uses two symmetric keys when setting up a point-to-point connection. However, it is also possible to use shared yet asymmetric keys in point-to-point mode. OpenVPN will use four keys in this case:
- A cipher key on the client side
- An HMAC key on the client side
- A cipher key on the server side
- An HMAC key on the server side
The same keying material is shared by both sides of the point-to-point connection, but the keys that are derived for encrypting and signing the data are different for each side. This recipe explains how to set up OpenVPN in this manner and how the keys can be made visible.
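The sketch below is an added example, not code from the original recipe or from the OpenVPN project. It assumes the OpenVPN static key V1 layout (256 bytes, four 64-byte slots ordered cipher, HMAC, cipher, HMAC, of which the configured cipher and digest consume only the leading bytes) and the optional direction argument of the `secret` directive (0 on one endpoint, 1 on the other). The function names and the constructed sample key are hypothetical.

```python
import binascii

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
SLOT = 64  # bytes reserved per cipher or HMAC key in the file


def parse_static_key(text):
    """Return the 256 raw bytes held in an OpenVPN static key file."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start, end = lines.index(BEGIN), lines.index(END)
    except ValueError:
        raise ValueError("static key markers not found")
    raw = binascii.unhexlify("".join(lines[start + 1:end]))
    if len(raw) != 4 * SLOT:
        raise ValueError("expected 256 bytes of key material, got %d" % len(raw))
    return raw


def directional_keys(raw, direction=None):
    """Slice key material into the keys one endpoint sends and receives with.

    direction None: bidirectional, one cipher/HMAC pair used both ways.
    direction 0 or 1: the endpoints use opposite values, giving four keys.
    """
    slots = [raw[i * SLOT:(i + 1) * SLOT] for i in range(4)]
    pairs = [{"cipher": slots[0], "hmac": slots[1]},
             {"cipher": slots[2], "hmac": slots[3]}]
    if direction is None:
        out_idx, in_idx = 0, 0
    elif direction in (0, 1):
        out_idx, in_idx = direction, 1 - direction
    else:
        raise ValueError("direction must be None, 0 or 1")
    return {"send": pairs[out_idx], "recv": pairs[in_idx]}


def make_constructed_key_file():
    """Constructed sample in the same file format; bytes 0..255, not a real key."""
    hexed = binascii.hexlify(bytes(range(4 * SLOT))).decode()
    body = "\n".join(hexed[i:i + 32] for i in range(0, len(hexed), 32))
    return "#\n# 2048 bit OpenVPN static key\n#\n%s\n%s\n%s\n" % (BEGIN, body, END)


if __name__ == "__main__":
    raw = parse_static_key(make_constructed_key_file())
    a, b = directional_keys(raw, 0), directional_keys(raw, 1)
    # Compare keys without printing any key material.
    print("A send == B recv:", a["send"] == b["recv"])
    print("A send == A recv:", a["send"] == a["recv"])
```

With a direction set, each endpoint's sending pair is the peer's receiving pair and differs from its own receiving pair; without one, both directions share a single cipher/HMAC pair, which is the two-key case from the previous recipe.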
For this recipe, we use the secret.key file from the previous recipe. Install OpenVPN ...