New Content #15812
Recipe for OpenVPN Site-to-Site SSL/TLS with DCO
Status: open
100%
Description
Currently, we have two S2S OpenVPN examples in our docs:
We have this one, which is a Site-to-Multi-site example:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-tls.html
This one is great, but since it relies on iroute commands to work, it doesn't work with DCO.
This example is better for DCO, except it is an example with PSK, not TLS, so the big warnings drive people off:
https://docs.netgate.com/pfsense/en/latest/recipes/openvpn-s2s-psk.html
Basically, right now the best way to configure things for maximum throughput is a Single Site to Single Site, DCO enabled, TLS-based tunnel, which we don't have an example for. You can sort of piece good chunks from both of these existing documentation items and combine them, but customers are looking for a turnkey "best practice" doc and do not want to sift through two different example docs to piece together the best options.
As such, I think we either need to add a third example or wipe the PSK one away and rewrite it with TLS.