upgrade dhparam strength to 4096 and set cipher to AES-256-CBC in client

conf template and server conf

upgrade dhparam strength to 4096 and set cipher to AES-256-CBC in client
conf template and server conf
94a1d022 · Matthew Smith · 23461db1 · 94a1d022 · 94a1d022
Commit 94a1d022 authored May 22, 2018 by Matthew Smith
--- a/config/ovpn-client.conf
+++ b/config/ovpn-client.conf
@@ -9,6 +9,7 @@ comp-lzo
 client
 pkcs12 %%ORGNICK%%-%%USERNAME%%.p12
 ns-cert-type server
+cipher AES-256-CBC
 pull

 verb 4

--- a/debian/postinst
+++ b/debian/postinst
@@ -74,9 +74,9 @@ if [ ! -f /var/lib/openvpn-server/openssl/ca.key ]; then
 	echo " done."
 fi

-if [ ! -f /etc/openvpn-server/dh2048.pem ]; then
+if [ ! -f /etc/openvpn-server/dh4096.pem ]; then
 	echo -n "Generating dhparams (may take a while)..."
-	openssl dhparam -out /etc/openvpn-server/dh2048.pem 2048 >/tmp/ovpns-install.log 2>&1
+	openssl dhparam -out /etc/openvpn-server/dh4096.pem 4096 >/tmp/ovpns-install.log 2>&1
 	echo " done."
 fi

@@ -169,9 +169,11 @@ port 1194
 proto udp
 dev tun

-dh /etc/openvpn-server/dh2048.pem
+dh /etc/openvpn-server/dh4096.pem
 pkcs12 /etc/openvpn-server/$ORGNICK-server.p12
 crl-verify /etc/openvpn-server/ca.crl
+cipher AES-256-CBC
+
 client-config-dir /etc/openvpn/ccd

 $SERVERLINE