fix: use tls crypt instead of tls auth

BirdDev · BirdDev · commit 2c4324876fed · 2022-11-22T22:58:58.000+01:00
kylemanna#501
diff --git a/README.md b/README.md
@@ -193,7 +193,7 @@ of a guarantee in the future.
 * Proper PKI support integrated into image
 * OpenVPN config files, PKI keys and certs are stored on a storage
   volume for re-use across containers
-* Addition of tls-auth for HMAC security
+* Addition of tls-crypt for security & censorship circumvention in some regions
 
 ## Originally Tested On
 
diff --git a/bin/ovpn_genconfig b/bin/ovpn_genconfig
@@ -324,7 +324,7 @@ key $EASYRSA_PKI/private/${OVPN_CN}.key
 ca $EASYRSA_PKI/ca.crt
 cert $EASYRSA_PKI/issued/${OVPN_CN}.crt
 dh $EASYRSA_PKI/dh.pem
-tls-auth $EASYRSA_PKI/ta.key
+tls-crypt $EASYRSA_PKI/ta.key
 key-direction 0
 keepalive $OVPN_KEEPALIVE
 persist-key
diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient
@@ -59,16 +59,16 @@ $(openssl x509 -in $EASYRSA_PKI/issued/${cn}.crt)
 $(cat $EASYRSA_PKI/ca.crt)
 </ca>
 key-direction 1
-<tls-auth>
+<tls-crypt>
 $(cat $EASYRSA_PKI/ta.key)
-</tls-auth>
+</tls-crypt>
 "
     elif [ "$mode" == "separated" ]; then
         echo "
 key ${cn}.key
 ca ca.crt
 cert ${cn}.crt
-tls-auth ta.key 1
+tls-crypt ta.key 1
 "
     fi
 
