Easy-TLS Inter-active TLS-key builder Menu.
====================
To cancel this inter-active menu at any time, press Control-C
* Available TLS-key types:
[1] TLS-Auth key - Legacy HMAC pre-shared key
[2] TLS-Crypt-V1 key - Basic TLS-crypt-v1 pre-shared key
[3] TLS-Crypt-V2 key for Server - Advanced TLS-Crypt-v2 Server key
[4] TLS-Crypt-V2 key for Client - Advanced TLS-Crypt-v2 Client key
[5] TLS-Crypt-V2 GROUP Client key - Advanced TLS-Crypt-v2 GROUP Client key
Select the type of TLS-key to build: 4
* Build TLS-Crypt-V2 key for Client
====================
To cancel this inter-active menu at any time, press Control-C
* First, you MUST enter your *Server* commonName.
* This field only requires the certificate commonName,
it does not require the complete file name.
Enter the commonName of your * Server * certificate: tuns_01194u
====================
To cancel this inter-active menu at any time, press Control-C
* Now, enter your *Client* commonName.
* This field only requires the certificate commonName,
it does not require the complete file name.
Enter the commonName of your * Client * certificate: arch
====================
To cancel this inter-active menu at any time, press Control-C
* Configure a custom group.
You can configure a single Custom-Group like so:
$ ./easytls config custom.group NAME
If you want to configure a Custom-Group now then quit this menu.
If you have configured your Custom-Group or do not require a Custom-Group
then leave this field blank.
* Your current Custom-Group is: wiscii
Enter your Custom-Group or leave this blank to continue:
====================
To cancel this inter-active menu at any time, press Control-C
* Each X509 Client certificate can have multiple TLS-Crypt-V2 keys,
these keys are referred to as Sub-keys. Each Sub-key is used in
a separate inline file with the same X509 Client certificate.
Enter the Sub-key Name for your key or leave blank to continue:
====================
To cancel this inter-active menu at any time, press Control-C
* You can lock this key to specific filter-addresses.
Hardware-addresses can be in the form of:
* 0123456789ab or 01-23-45-67-89-AB or 01:23:45:67:89:AB
IP-addresses can be in the form of:
* IPv4 CIDR - eg: 1.2.0.0/16, 1.2.3.0/24 or 1.2.3.4/32
* IPv6 CIDR - eg: 2000:1:2:3::/64 or 2000:1:2:3:4:5:6:7/128
Ranges are in the first forms above. If you want to lock to a specific
IP address (Not recommended) then you must use a host mask:
* 1.2.3.4/32(v4) or 2000:1:2:3:4:5:6:7/128(v6)
This field can contain any mixture of valid filter-addresses,
however, each filter-address MUST be entered individually.
Enter a single filter-address or leave blank to continue: 10.1.101.0/24
====================
To cancel this inter-active menu at any time, press Control-C
Current list: 10.1.101.0/24
Enter a single filter-address or leave blank to continue:
====================
* Easy-TLS command:
* ./easytls --custom-group=wiscii build-tls-crypt-v2-client tuns_01194u arch 10.1.101.0/24
====================
Error log:
Error: Invalid Address: 10.1.101.0/24
Easy-TLS 2.8.0 (0)
Using
build
:The problem above is the space before
[ ]10.1.101.0/24
fails with error 11: https://github.com/TinCanTech/easy-tls/blob/e488621774e3cdbcc73021e310466f1f10bfef4b/easytls#L5790-L5795