How to enable TLS-Crypt (Not just TLS-Auth)

Routers VPN, DNS, Leaks
1

I have 2 Opal SFT1200 and I have set using OpenVPN protocol. I can see TLS-Auth toggle in server configuration but how do I enable TLS-Crypt instead?

So far, I have tried putting in "tls-crypt ta.key" and changing the tag from tls-auth to tls-crypt in the .ovpn file (for the client) and I also added "tls-crypt /etc/openvpn/ta.key" on client's /etc/openvpn/ovpn/server.ovpn so the server expects it. It doesn't work. Is there something I am missing?

Here is the log from client when failing to connect:
Apr 28 13:37:13 Attempting to establish TCP connection with VPN server (My Server IP)
Apr 28 13:37:13 TCP connection established with VPN server
Apr 28 13:37:13 Connection reset, restarting
Apr 28 13:37:13 Received SIGHUP (soft, connection-reset), process restarting
Apr 28 13:37:13 OpenVPN 2.5.7 mipsel-openwrt-linux-gnu starting up
Apr 28 13:37:13 Library versions: OpenSSL 1.1.1i, LZO 2.10
Apr 28 13:37:13 Restart pause: 2 seconds

2

Two sides:

server:

sed -i '/tls-auth/tls-crypt/g' /lib/netifd/proto/ovpnserver.sh
ifup ovpnserver

client:
change .ovpn to
<t/ls-auth> to

4

Hey man, thanks for your reply! Which file do I make that change to in server and for client, are you saying I have to use <t/ls-auth> tags? I think your response got corrupted and should the tags contain a secret key?

5

Hi,

Please wait, it is a national holiday, some staff in holiday, I have reminded handsome, will reply later.

6

Thanks mate

7

Sorry for not expressing clear.
For the ta key parameter, we hardcoded as tls-auth, if you want to change to tls-crypt, you heed to change server code, and the exported .ovpn client config file.

  • Server, use terminal command to change code:
sed -i '/tls-auth/tls-crypt/g' /lib/netifd/proto/ovpnserver.sh
# restart server interface
ifup ovpnserver

Yes it's corruted due to HTML tag, I didn't notice that.