2013-05-14 12:04:19 +00:00
##openvpn-install
2015-02-11 18:51:19 +00:00
OpenVPN [road warrior ](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29 ) installer for Debian, Ubuntu and CentOS.
2013-05-14 12:04:19 +00:00
2015-02-11 18:51:19 +00:00
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It isn't bulletproof but has been designed to be as unobtrusive and universal as possible.
2013-05-14 12:04:19 +00:00
2016-03-13 14:41:05 +00:00
##Fork
2016-03-08 22:16:52 +00:00
This fork includes :
2016-03-19 16:38:34 +00:00
- No logs
2016-03-21 17:36:08 +00:00
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH ](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575 )
2016-03-19 16:38:34 +00:00
- Better encryption (see below)
2016-03-08 22:16:52 +00:00
- TLS 1.2 only
2016-03-19 16:38:34 +00:00
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
2016-04-12 09:38:14 +00:00
- Run server in unprivileged mode, reducing risks to the system
- TLS-auth to help [thwart DoS attacks ](https://openvpn.net/index.php/open-source/documentation/howto.html#security ) and provide a 2nd line of defense to the TLS channel.
2016-03-08 22:51:02 +00:00
- [FDN's DNS Servers ](http://www.fdn.fr/actions/dns/ )
2016-03-19 16:38:34 +00:00
- Nearest [OpenNIC DNS Servers ](https://www.opennicproject.org/ )
2016-05-10 20:56:34 +00:00
- Up-to-date OpenVPN (2.3.11) thanks to [EPEL ](http://fedoraproject.org/wiki/EPEL ) and [swupdate.openvpn.net ](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos )
2016-05-10 22:29:43 +00:00
- Support for either SNAT or MASQUERADE for forwarding
2016-03-09 15:46:56 +00:00
- Every feature of the [original script ](https://github.com/Nyr/openvpn-install ) (I check periodically to sync the latest commits from source)
2016-03-08 22:16:52 +00:00
2016-03-19 16:38:34 +00:00
## Variants
2016-03-13 14:41:05 +00:00
2016-03-19 16:38:34 +00:00
When you lauch the script you will be asked to choose a mode. Both will work the same way, but *slow* has higher encryption settings, so it may slow down your connection and take more time to install.
2016-03-15 20:36:05 +00:00
2016-03-19 16:38:34 +00:00
If you're just using your VPN at home, you may choose "fast". But if you're often using public Wi-Fi or traveling a lot, you choose use *slow* .
2016-03-15 20:36:05 +00:00
2016-03-19 16:38:34 +00:00
FYI, "fast" is still more secured than default OpenVPN settings.
2016-03-15 20:36:05 +00:00
2016-03-19 16:38:34 +00:00
### Slow (high encryption)
Features :
- 4096 bits RSA private key
- 4096 bits Diffie-Hellman key
- 256 bits AES-GCM
- SHA-384 RSA certificate
2016-03-13 14:41:05 +00:00
2016-04-29 20:00:09 +00:00
### Fast (lower encryption)
2016-03-19 16:38:34 +00:00
Features :
- 2048 bits RSA private key
- 2048 bits Diffie-Hellman key
2016-04-29 20:00:09 +00:00
- 128 bits AES-GCM
- SHA-256 RSA certificate
2016-03-13 14:41:05 +00:00
2016-03-19 16:38:34 +00:00
## Compatibility
2016-03-13 14:53:09 +00:00
2016-03-19 16:38:34 +00:00
The script is made to work on these OS :
- Debian 7
2016-03-13 14:41:05 +00:00
- Debian 8
2016-03-19 16:38:34 +00:00
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
2016-03-13 14:41:05 +00:00
- Ubuntu 15.10
2016-05-06 18:32:53 +00:00
- Ubuntu 16.04 LTS
2016-03-14 20:20:03 +00:00
- CentOS 6
- CentOS 7
2016-03-13 14:41:05 +00:00
2016-03-19 16:38:34 +00:00
Each one has been test by myself.
2016-03-13 14:53:09 +00:00
2016-03-19 16:38:34 +00:00
##Installation
2016-03-13 14:53:09 +00:00
2016-03-19 16:38:34 +00:00
Run the script and follow the assistant:
2016-03-13 14:41:05 +00:00
2016-03-19 16:38:34 +00:00
```
2016-04-03 16:55:58 +00:00
wget --no-check-certificate https://bit.ly/ovpn-install -O openvpn-install.sh
2016-03-19 16:38:34 +00:00
chmod +x openvpn-install.sh
./openvpn-install.sh
```
2016-03-15 20:37:58 +00:00
2016-03-19 16:38:34 +00:00
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
2016-03-13 14:41:05 +00:00
2016-01-01 12:53:28 +00:00
2016-03-27 00:27:47 +00:00
You can get a cheap VPS for 2€/month at [PulseHeberg](http://manager.pulseheberg.com/aff.php?aff=1204
).
2016-01-01 12:53:28 +00:00
## Licence
2016-03-13 14:41:05 +00:00
Based on the work of [Nyr ](https://github.com/Nyr/openvpn-install )
2016-01-01 12:53:46 +00:00
[MIT Licence ](https://raw.githubusercontent.com/Angristan/openvpn-install-nyr/master/LICENSE )