Skip to content

[pull] master from angristan:master#107

Merged
pull[bot] merged 2 commits into
namibia:masterfrom
angristan:master
Dec 18, 2025
Merged

[pull] master from angristan:master#107
pull[bot] merged 2 commits into
namibia:masterfrom
angristan:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented Dec 18, 2025
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@angristan
feat: add peer-fingerprint authentication mode (OpenVPN 2.6+) (#1437)
df242ee 
## Summary

Implements support for OpenVPN's `--peer-fingerprint` option, enabling
PKI-less authentication using SHA256 certificate fingerprints instead of
a CA chain.

Closes #1361

## Changes

- Add `--auth-mode` option (`pki` or `fingerprint`) for install command
- Use Easy-RSA's `self-sign-server` and `self-sign-client` commands for
fingerprint mode
- Server stores client fingerprints in `<peer-fingerprint>` block in
`server.conf`
- Clients verify server using `peer-fingerprint` directive instead of CA
- Revocation removes fingerprint from config and reloads OpenVPN
(instant effect)
- Version check ensures OpenVPN 2.6+ when fingerprint mode is selected

## Usage

```bash
# Interactive mode prompts for auth mode choice

# CLI mode
./openvpn-install.sh install --auth-mode fingerprint
```

## Comparison

| Aspect | PKI Mode | Fingerprint Mode |
|--------|----------|------------------|
| Server cert | CA-signed | Self-signed |
| Client cert | CA-signed | Self-signed |
| Revocation | CRL-based | Remove fingerprint |
| OpenVPN | Any version | 2.6.0+ required |
| Best for | Large deployments | Small/home setups |
@angristan
docs: add FAQ entry for server-side split-tunnel configuration (#1436)
fd154b7 
Adds FAQ entry for server-side split-tunnel configuration.

Closes #443. The script is focused on the road warrior use case
(full-tunnel for privacy on untrusted networks), so split-tunnel is
documented as a manual post-install configuration rather than a built-in
feature.

Closes #547.
@pull pull Bot locked and limited conversation to collaborators Dec 18, 2025
@pull pull Bot added the ⤵️ pull label Dec 18, 2025
@pull pull Bot merged commit fd154b7 into namibia:master Dec 18, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@angristan