![]() Port scanning to determine which server UDP ports are in a listening state.DoS attacks or port flooding on the OpenVPN UDP port.The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. ![]() This one is a bit special, so I'll just paste some related I found at : ![]() If you're interested, do some Googling or open another question creating a private CA - it's a whole other department. The private key could be generated and kept on the client without the server ever seeing it, but that would make the process a lot more complex. In the documentation you're looking at, it was generated on the server for convenience so that the client certificate could be signed by the key there and then signed by the CA key. It was signed by the client's private key and then that was signed by the CA's key. This is a certificate identifying the client. It can be shared with anybody and allows the client to verify the VPN server. Publicly disposable, this is the certificate for your VPN's certificate authority. ![]() Let's look at a breakdown of all the files, whether they're sensitive, and where they came from.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |