Transport Layer Security (TLS) is a cryptographic protocol that uses public key cryptography and does not require the two endpoints to have a preshared secret. OpenVPN uses TLS with X.509 certificates and requires public key infrastructure (PKI) to generate the certificates.
When TLS is used, OpenVPN works as follows:
- Using PKI, the administrator generates a certificate and the associated files for each endpoint. All certificates are signed by the certificate authority (CA) of the PKI. The certificate for an endpoint contains many pieces of information, one of which is the name of the endpoint, which is stored in the Common Name field of the certificate.
- The administrator transfers each certificate and the associated files to the corresponding endpoint by using a pre-established, secure channel (for example, SCP).
- When two endpoints need to establish the VPN tunnel, one endpoint takes a passive role while the other endpoint must take an active role and initiate the TLS session with the passive endpoint.
- After the active endpoint initiates the TLS session, the two sides authenticate each other by using their public-private key pairs and the public key of the CA, which is known to both endpoints.
- After the two endpoints have authenticated each other, they establish a shared secret by using public-key cryptography. Each endpoint then derives a set of keys for the session. As for the preshared secret mechanism, these keys are then used for encryption and MAC on the tunnel data to provide data confidentiality and integrity. However, unlike the preshared secret mechanism, these keys are used only for the one session, and for this reason they are called session keys.
Certificate generation and distribution using PKI involves numerous complex security issues, which are outside the scope of this document.