chromatic/openvpn-install
1
0
Fork 0
mirror of https://github.com/hwdsl2/openvpn-install.git synced 2026-01-11 19:06:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve VPN ciphers

Browse Source 
- Switch to the faster AES-128-GCM cipher and SHA256.
  Thanks @do02fw for the suggestion in #12.
This commit is contained in:
hwdsl2
2023-07-04 22:48:23 -05:00
parent cf856186cd
commit c3eb5b8344
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
openvpn-install.sh
View File

@@ -650,7 +650,7 @@ ca ca.crt
cert server.crt cert server.crt
key server.key key server.key
dh dh.pem dh dh.pem
auth SHA512 auth SHA256
tls-crypt tc.key tls-crypt tc.key
topology subnet topology subnet
server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
@@ -706,7 +706,7 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
esac esac
echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
echo "keepalive 10 120 echo "keepalive 10 120
cipher AES-256-CBC cipher AES-128-GCM
user nobody user nobody
group $group_name group $group_name
persist-key persist-key
@@ -806,8 +806,8 @@ nobind
persist-key persist-key
persist-tun persist-tun
remote-cert-tls server remote-cert-tls server
auth SHA512 auth SHA256
cipher AES-256-CBC cipher AES-128-GCM
ignore-unknown-option block-outside-dns ignore-unknown-option block-outside-dns
verb 3" > /etc/openvpn/server/client-common.txt verb 3" > /etc/openvpn/server/client-common.txt
# Enable and start the OpenVPN service # Enable and start the OpenVPN service