New Content #15812
closed
Recipe for OpenVPN Site-to-Site SSL/TLS with DCO
100%
Description
Currently, we have two S2S OpenVPN examples in our docs:
We have this one, which is a Site-to-Multi-site example:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
This one is great, but since it relies on iroute commands to work, it doesn't work with DCO.
This example is better for DCO, except it is an example with PSK, not TLS, so the big warnings drive people off:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-psk.html
Basically, right now the best way to configure things for maximum throughput is a Single Site to Single Site, DCO enabled, TLS-based tunnel, which we don't have an example for. You can sort of piece good chunks from both of these existing documentation items and combine them, but customers are looking for a turnkey "best practice" doc and not wanting to sift through two different example docs to piece together the best options.
As such, I think we either need to add a third example or wipe the PSK one away and re-write it with TLS.
Updated by Jim Pingle about 2 months ago
- Tracker changed from Todo to New Content
- Subject changed from OpenVPN Site-to-Site Examples Need Updating to OpenVPN Site-to-Site with DCO Example
The existing recipes are OK; what's missing is a new/separate example dedicated to DCO.
Updated by Jim Pingle about 1 month ago
- Subject changed from OpenVPN Site-to-Site with DCO Example to Recipe for OpenVPN Site-to-Site SSL/TLS with DCO
- Status changed from New to In Progress
- Assignee set to Jim Pingle
I went through and tested a few scenarios and made some notes, and made sure it worked with static routing in OpenVPN, as well as with BGP or OSPF. I'll start on a new recipe for this soon.
Updated by Jim Pingle about 1 month ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Updated by Jim Pingle about 1 month ago
Updated by Kris Phillips 19 days ago
- Status changed from Feedback to Resolved
New documentation looks good. Provided it to a customer today, in fact.
Closing this one out. Thanks Jim!