
Allow one/many connection per TLS-Crypt-V2 key

Open TinCanTech opened this issue 4 years ago • 6 comments

This requires some form of TLS-Crypt-V2 key connection tracking.

TinCanTech avatar Aug 07 '21 14:08 TinCanTech

This cannot be done because there is no way to track the TLS-Key serial number when a client disconnects.

TinCanTech avatar Aug 09 '21 15:08 TinCanTech

This may be possible by ~using~ abusing OpenVPN auth_control_file.

TinCanTech avatar Aug 09 '21 19:08 TinCanTech

Requires ip address and port number

TinCanTech avatar Aug 10 '21 22:08 TinCanTech

Due to --float and not being able to use --ipchange on a server, tracking by ip:port ~is not~ may be possible when a client floats ...

~So~ Also, ~have to~ can conn-trac by tlskey-serial (TLS-Crypt-V2 key).

It's a pain in the ass but is possible ~for TLS-Crypt-V2 keys only~.

TinCanTech avatar Aug 11 '21 20:08 TinCanTech

After extensive testing, early indicators suggest that conn-trac library is working well.

TinCanTech avatar Aug 12 '21 14:08 TinCanTech

The only item remaining is to decide what action to take if a new connection is the same as a current connection.

TinCanTech avatar Aug 13 '21 18:08 TinCanTech
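As an added example, not Easy-TLS project code and not part of this thread: a minimal POSIX shell connection tracker keyed by TLS-Crypt-V2 key serial, illustrating the one-or-many-connections-per-key idea discussed above. The policy check is keyed on the serial only, because (as the thread notes) a floating client's ip:port is not a stable identifier; the endpoint is stored just so the matching record can be removed on disconnect. The record file (`CT_FILE`), the `CT_POLICY` variable, the `ct_*` function names, and the serials and endpoints in the demo are all constructed for this example. Treating an identical serial+endpoint as a reconnect and replacing the stale record is one possible answer to the open question in the last comment, assumed here, not the project's decision.

```shell
#!/bin/sh
# Added example (not Easy-TLS code): connection tracking keyed by
# TLS-Crypt-V2 key serial. Record format (constructed): "serial ip:port".

CT_FILE="${CT_FILE:-$(mktemp)}"   # assumed location of the tracking file
CT_POLICY="${CT_POLICY:-one}"     # "one": one connection per key; "many": unlimited

# Print the number of tracked connections currently using a key serial.
ct_count() {
    [ -f "$CT_FILE" ] || { echo 0; return; }
    # grep -c prints 0 and exits 1 when nothing matches; keep the 0.
    grep -c -- "^$1 " "$CT_FILE" || true
}

# Remove the record for a (serial, ip:port) pair when the client disconnects.
ct_disconnect() {
    [ -f "$CT_FILE" ] || return 0
    # -F -x: exact whole-line match; grep -v exits 1 when the result is empty.
    grep -Fvx -- "$1 $2" "$CT_FILE" > "$CT_FILE.tmp" || true
    mv "$CT_FILE.tmp" "$CT_FILE"
}

# Decide whether a new connection may be accepted and record it if so.
# Prints "allow" (exit 0) or "deny" (exit 1).
ct_connect() {
    serial=$1
    endpoint=$2
    touch "$CT_FILE"
    if grep -Fqx -- "$serial $endpoint" "$CT_FILE"; then
        # Same serial and same endpoint as an existing record: assumed to be a
        # reconnect, so the stale record is dropped and replaced below.
        ct_disconnect "$serial" "$endpoint"
    elif [ "$CT_POLICY" = one ] && [ "$(ct_count "$serial")" -ge 1 ]; then
        # Key is already in use from another endpoint and policy is one-per-key.
        echo deny
        return 1
    fi
    printf '%s %s\n' "$serial" "$endpoint" >> "$CT_FILE"
    echo allow
    return 0
}

# Stand-alone demonstration with constructed serials and endpoints.
ct_demo() {
    CT_FILE=$(mktemp)
    CT_POLICY=one
    ct_connect 1a2b3c 198.51.100.10:51820          # allow: key was free
    ct_connect 1a2b3c 198.51.100.11:40000 || true  # deny: key already in use
    ct_connect 1a2b3c 198.51.100.10:51820          # allow: same endpoint, reconnect
    ct_disconnect 1a2b3c 198.51.100.10:51820
    ct_connect 1a2b3c 198.51.100.11:40000          # allow: key is free again
    rm -f "$CT_FILE"
}
ct_demo
```

The same functions cover the "many" policy by setting `CT_POLICY=many`, in which case only the reconnect replacement applies and additional endpoints for the same serial are accepted.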