OpenVPN Config on 1.4

Hi All,

Using 1.2 the OpenVPN command ‘set interfaces openvpn vtun0 tls key-file ‘/config/auth/server.key’’ command was used to configure the private key file. Options under 1.3 are:
Possible completions:
auth-key TLS shared secret key for tls-auth
ca-certificate Certificate Authority in PKI configuration
certificate Certificate in PKI configuration
crypt-key Static key to use to authenticate control channel
dh-params Diffie Hellman parameters (server only)
role TLS negotiation role
tls-version-min Specify the minimum required TLS version

How do you setup the private key file in 1.3?

Hi @Woodster1975 , hope this documentation will help you: Generate X.509 Certificate and Keys

These options are in 1.4

Yes apologies, version is 1.4. Could not see how to add the certificate private key file.

First, you need to generate them using the command “generate pki” on VyOS 1.4 and after that add them to the configuration.These steps are described in the following section: OpenVPN — VyOS 1.4.x (sagitta) documentation

Or you can add existing ones with “set pki”.
But in the openvpn configuration there are no option for tls-auth. Propebly you must use

openvpn-option “–tls-auth /path/to/keyfile 0”

Sorry I’m blind, of course there is option for tls-auth it’s “auth-key”.

I will try that. I am testing a upgrade from a router running 1.2.7 with an existing OpenVPN server configuration.