OpenVPN - basic question

martinr

I'm almost too embarrassed to ask this, I thought I understood it and now I'm not sure.

I set up OpenVPN servers on my router many months ago, used a strong username and password, downloaded the openvpn config file and put it on my client iPhone using iTunes. It was almost too easy and it works perfectly.

Before I set it up, I came across articles related to Asuswrt-Merlin which talked about generating the public-private key pairs, Diffie-Hellman parameters etc. (I'd done it for ssh but this seemed too much like hard work.)

So what I thought I was doing, by generating and exporting the ovpn config file from the router to the iPhone, was using OpenVPN, not with the ultimate encryption afforded by public-private keys, but with a lesser standard of encryption using a (strong) username and password pair. But, after having started to look at reducing NVRAM size, and having seen, in the Advanced Settings, the CA cert, the server cert and key and the DF parameters (and an empty static key box), I'm starting to wonder if I had it all wrong and I have, indeed, been using public-private keys. (On the other hand, I wondered if the clients' public keys don't possibly have to be in the router, though I'm not too sure of that.) And if I am using key-pair encryption, I question what those articles mean about having to self-generate my own key pairs and DF parameters, when the exporting of the config file method was easier than falling off a log.

I accept that if I don't understand what I'm doing I shouldn't be doing it, but then I still haven't fathomed out how the Colgate toothpaste dispenser works, but it hasn't stopped me using it.

So embarrassment aside, am I indeed using key-pair encryption (with the added protection of a username and password) and it's all magically exported to the client via the ovpn config file, and talk of generating keys using easy-rsa is a throwback to an earlier time? Or am I using a fairly basic but adequate (for my needs) encryption afforded by a strong username and password?
 
My understanding is that this is generated at initial setup of the device for you. It may not be using a strong RNG though, maybe it is, totally don't know, so maybe sacrifice paranoid security for convenience.
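
One way to settle the question raised in this thread is to look at which authentication directives the exported client profile actually carries. The script below is an added example, not part of the original posts and not Asuswrt-Merlin code; the sample profile is constructed (placeholder certificate body, hypothetical hostname) and does not represent what the router really exports, and the function names are this example's own.

```python
import re

# Constructed sample profile; the certificate body is a placeholder, not real key material.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
"""

# OpenVPN options that may appear as inline <tag>...</tag> blocks in a profile.
INLINE_BLOCKS = ("ca", "cert", "key", "tls-auth", "tls-crypt", "secret")

def inspect_profile(text):
    """Collect directive names and inline block names, skipping block bodies."""
    found, in_block = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:                      # inside <ca>...</ca> etc.: ignore the body
            if line == f"</{in_block}>":
                in_block = None
            continue
        if not line or line[0] in "#;":   # blank lines and comments
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m and m.group(1) in INLINE_BLOCKS:
            in_block = m.group(1)
            found.add(in_block)
        else:
            found.add(line.split()[0])    # first token is the directive name
    return found

def summarize(text):
    """Map the directives present to the kinds of authentication they imply."""
    have = inspect_profile(text)
    return {
        "server_verified_by_ca": "ca" in have,
        "client_certificate": {"cert", "key"} <= have,
        "username_password": "auth-user-pass" in have,
        "static_key": bool({"tls-auth", "tls-crypt", "secret"} & have),
    }

if __name__ == "__main__":
    for name, present in summarize(SAMPLE_OVPN).items():
        print(f"{name}: {present}")
```

Run `summarize()` on the text of your own exported `.ovpn` file instead of `SAMPLE_OVPN` to see which of these mechanisms your profile uses.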
 
