This page will generate OpenVPN configuration files (.ovpn), for those who don't want or can't use our client. More help The configuration generator enables you to generate and download certificates, key and configuration files for OpenVPN and any OpenVPN GUI or wrapper.
Hi there,
Openvpn Tls-crypt Key Generate
How to secure correctly your OpenVPN connection you said?
Yes! This little code snippet will improve drasticaly the strength of your OpenVPN connection while keeping very good performances. You just have to add the code available below at the end of you configuration file.
![Openvpn tls key negotiation failed Openvpn tls key negotiation failed](/uploads/1/2/6/1/126130779/153106568.png)
Important precisions
- It may not work everywhere. @Korben (Twitter) got a problem because his server does not support ECDHE, if you can't use this configuration then try to change ECDHE by DHE in the tls-cipher parameters. It should works but it will consume more battery if you are on a mobile/laptop because it will not use Elliptic curves to exchange the key.
- You should check if your processor have AES-NI instructions. If yes then the key exchange should be protected from SPA (Simple Power Analysis) and DPA (Differencial Power Analysis) attacks + AES will be a lot faster.
- If this is your own server, you should use at least a 4096 bits RSA keypair. 2048 bits is becoming weak and I suggest you to stay away from this encryption strenght (don't even think about 1024 bits). If not, you should go to a VPN provider that have at least a 4096 bits RSA public key (most of VPN providers advertise that fact on their website).
- This will look off-topic but never, ever rely on PPTP or L2TP for sensitive informations.
Performances details
Crashes are very rare and no loss on 150mbps (OpenVPN cannot be faster than this due to 'its architecture, running in user space and not benefiting from kernel acceleration like IPsec (L2TP) does' according to VPN.ac).
![How to generate openvpn keys How to generate openvpn keys](/uploads/1/2/6/1/126130779/132517099.png)
Openvpn Tls Client
Any suggestions to improve this code snippet are welcome.