Commit 94a1d022 authored by Matthew Smith's avatar Matthew Smith

upgrade dhparam strength to 4096 and set cipher to AES-256-CBC in client

conf template and server conf
parent 23461db1
......@@ -9,6 +9,7 @@ comp-lzo
client
pkcs12 %%ORGNICK%%-%%USERNAME%%.p12
ns-cert-type server
cipher AES-256-CBC
pull
verb 4
......
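Review bot: The added `cipher AES-256-CBC` line is not paired with an `auth` directive in the visible part of the template, so unless one is set outside the hunk, packet authentication stays at OpenVPN's default HMAC-SHA1. Adding `auth SHA256` here and to the generated server conf would keep the integrity setting in step with the stronger cipher. Profiles already issued from the old template carry no `cipher` line, so unless both ends negotiate ciphers they will stop connecting once the server conf changes; the rollout should reissue them. While the template is being touched, the context line `ns-cert-type server` is deprecated and could become `remote-cert-tls server`.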
......@@ -74,9 +74,9 @@ if [ ! -f /var/lib/openvpn-server/openssl/ca.key ]; then
echo " done."
fi
if [ ! -f /etc/openvpn-server/dh2048.pem ]; then
if [ ! -f /etc/openvpn-server/dh4096.pem ]; then
echo -n "Generating dhparams (may take a while)..."
openssl dhparam -out /etc/openvpn-server/dh2048.pem 2048 >/tmp/ovpns-install.log 2>&1
openssl dhparam -out /etc/openvpn-server/dh4096.pem 4096 >/tmp/ovpns-install.log 2>&1
echo " done."
fi
......@@ -169,9 +169,11 @@ port 1194
proto udp
dev tun
dh /etc/openvpn-server/dh2048.pem
dh /etc/openvpn-server/dh4096.pem
pkcs12 /etc/openvpn-server/$ORGNICK-server.p12
crl-verify /etc/openvpn-server/ca.crl
cipher AES-256-CBC
client-config-dir /etc/openvpn/ccd
$SERVERLINE
......
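Review bot: In the dhparam hunk the exit status of `openssl dhparam` is never checked, so `echo " done."` prints and the script goes on to write a server conf that points at `/etc/openvpn-server/dh4096.pem` even when generation failed. The output also goes to the fixed path `/tmp/ovpns-install.log`; an installer that presumably runs as root should not write to a predictable name in a world-writable directory, because a symlink placed there beforehand redirects the write. Suggest `log=$(mktemp) || exit 1` before the step and `openssl dhparam -out /etc/openvpn-server/dh4096.pem 4096 >"$log" 2>&1 || { echo " failed, see $log" >&2; exit 1; }`. The script continues outside both hunks, and on upgraded hosts the old `dh2048.pem` is left behind and could be removed once the new file exists.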