From c3eb5b8344bf18976b234fc94b0d57bf9b2a12af Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Tue, 4 Jul 2023 22:48:23 -0500
Subject: [PATCH] Improve VPN ciphers - Switch to the faster AES-128-GCM cipher and SHA256. Thanks @do02fw for the suggestion in #12.
---
 openvpn-install.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 2c0d1cc..46f429c 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -650,7 +650,7 @@ ca ca.crt
 cert server.crt
 key server.key
 dh dh.pem
-auth SHA512
+auth SHA256
 tls-crypt tc.key
 topology subnet
 server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
@@ -706,7 +706,7 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
 esac
 echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
 echo "keepalive 10 120
-cipher AES-256-CBC
+cipher AES-128-GCM
 user nobody
 group $group_name
 persist-key
@@ -806,8 +806,8 @@ nobind
 persist-key
 persist-tun
 remote-cert-tls server
-auth SHA512
-cipher AES-256-CBC
+auth SHA256
+cipher AES-128-GCM
 ignore-unknown-option block-outside-dns
 verb 3" > /etc/openvpn/server/client-common.txt
 # Enable and start the OpenVPN service
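Review bot: The `auth SHA256` line in the first hunk (server.conf, repeated in the client-common.txt hunk) needs a comment, because it reads like a weaker packet-authentication setting when it is largely inert in this configuration. OpenVPN ignores `--auth` for the data channel once an AEAD cipher such as AES-128-GCM is in use, and `tls-crypt` on the following line uses its own fixed HMAC, so the digest only matters if a peer falls back to a CBC cipher. I would add a shell comment above the `echo` that writes server.conf, e.g. `# auth is only used when a non-AEAD (CBC) cipher is negotiated; GCM and tls-crypt ignore it`. The quoted config string starts outside the hunk, so the comment belongs before the string, not inside it.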
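Review bot: `cipher AES-128-GCM` in the second hunk (server.conf) and the third hunk (client-common.txt) probably does not pin the data-channel cipher on its own. On OpenVPN 2.4 and later the cipher is negotiated from the `ncp-ciphers`/`data-ciphers` list, whose default puts AES-256-GCM first, and `cipher` is only consulted for peers that cannot negotiate. If AES-128-GCM is the intended result, state the list explicitly in the server config, e.g. `data-ciphers AES-128-GCM` preceded by `ignore-unknown-option data-ciphers` so that a 2.4 server still starts (2.4 spells the option `ncp-ciphers`). Which OpenVPN versions the script installs is not visible in this diff, so confirm that before choosing the directive; both `echo` strings also continue outside their hunks.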