From bc4165e5878e1c0ae0c95d9693a9c4f3e0dfc9f2 Mon Sep 17 00:00:00 2001
From: Kyle Manna <kyle@kylemanna.com>
Date: Wed, 4 Jun 2014 15:34:42 -0700
Subject: [PATCH] tls-auth: Enable tls-auth for security

* Enabling tls-auth improves security and helps protect against DDoS.
---
 bin/ovpn_getclient | 8 ++++----
 bin/ovpn_init      | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/bin/ovpn_getclient b/bin/ovpn_getclient
index b455dbc..f0e743c 100755
--- a/bin/ovpn_getclient
+++ b/bin/ovpn_getclient
@@ -37,10 +37,10 @@ $(cat $EASYRSA_PKI/ca.crt)
 <dh>
 $(cat $EASYRSA_PKI/dh.pem)
 </dh>
-#<tls-auth>
-#$(echo cat $EASYRSA_PKI/ta.key)
-#</tls-auth>
-#key-direction 1
+<tls-auth>
+$(cat $EASYRSA_PKI/ta.key)
+</tls-auth>
+key-direction 1
 
 <connection>
 remote $servername 1194 udp
diff --git a/bin/ovpn_init b/bin/ovpn_init
index 5ddce75..27f522f 100755
--- a/bin/ovpn_init
+++ b/bin/ovpn_init
@@ -44,8 +44,8 @@ key $EASYRSA_PKI/private/$cn.key
 ca $EASYRSA_PKI/ca.crt
 cert $EASYRSA_PKI/issued/$cn.crt
 dh $EASYRSA_PKI/dh.pem
-#tls-auth $EASYRSA_PKI/ta.key
-#key-direction 0
+tls-auth $EASYRSA_PKI/ta.key
+key-direction 0
 keepalive 10 60
 persist-key
 persist-tun