diff --git a/README.md b/README.md index f807daf..5567219 100644 --- a/README.md +++ b/README.md @@ -18,18 +18,19 @@ Supported authentication methods: - Client certificate auth - Both of them -| Name | Description | Required when | -|--------------------|-----------------------------------------------|-------------------------| -| `username` | Username | Username-password auth | -| `password` | Password | Username-password auth | -| `client_key` | Local peer's private key | Client certificate auth | -| `tls_auth_key` | Pre-shared secret for TLS-auth HMAC signature | Optional | -| `tls_crypt_v2_key` | Pre-shared secret for TLS-crypt-v2 | Optional | +| Name | Description | Required when | +|--------------------|------------------------------------|-------------------------| +| `username` | Username | Username-password auth | +| `password` | Password | Username-password auth | +| `client_key` | Local peer's private key | Client certificate auth | +| `tls_auth_key` | Pre-shared group key for TLS Auth | Optional | +| `tls_crypt_key` | Pre-shared group key for TLS Crypt | Optional | +| `tls_crypt_v2_key` | Per-client key for TLS Crypt V2 | Optional | > **Note: It is strongly recommended that you provide all credentials via [encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets).** -When providing TLS keys, you should provide *only one of* either `tls_auth_key` or `tls_crypt_v2_key`. +When providing TLS keys, you should provide *only one of* either `tls_auth_key`, `tls_crypt_key` or `tls_crypt_v2_key`. You can determine which by checking the value of your key and looking in the header line. [See the docs for more info about TLS in OpenVPN](https://openvpn.net/vpn-server-resources/tls-control-channel-security-in-openvpn-access-server)