From 25448611c2a2df79c4e1c57de0c44f2a22513607 Mon Sep 17 00:00:00 2001 From: Angristan Date: Sat, 19 Mar 2016 17:38:34 +0100 Subject: [PATCH] The BIG update --- README.md | 79 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index e58b917..9279540 100644 --- a/README.md +++ b/README.md 
@@ -5,14 +5,50 @@ This script will let you setup your own VPN server in no more than a minute, eve ##Fork This fork includes : -- no logs +- No logs +- Better encryption (see below) - TLS 1.2 only -- AES-128-GCM encryption (instead of BF-CBC) -- Legacy version for less hardened encryption -- 4096 bits DH (instead of 2048 bits) +- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1) - [FDN's DNS Servers](http://www.fdn.fr/actions/dns/) +- Nearest [OpenNIC DNS Servers](https://www.opennicproject.org/) +- Up-to-date OpenVPN (2.3.10) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) - Every feature of the [original script](https://github.com/Nyr/openvpn-install) (I check periodically to sync the latest commits from source) +## Variants + +When you lauch the script you will be asked to choose a mode. Both will work the same way, but *slow* has higher encryption settings, so it may slow down your connection and take more time to install. + +If you're just using your VPN at home, you may choose "fast". But if you're often using public Wi-Fi or traveling a lot, you choose use *slow*. + +FYI, "fast" is still more secured than default OpenVPN settings. + +### Slow (high encryption) +Features : +- 4096 bits RSA private key +- 4096 bits Diffie-Hellman key +- 256 bits AES-GCM +- SHA-384 RSA certificate + +### Fast (lower encryption) +Features : +- 2048 bits RSA private key +- 2048 bits Diffie-Hellman key +- 128 bits AES-GCM +- SHA-256 RSA certificate + +## Compatibility + +The script is made to work on these OS : +- Debian 7 +- Debian 8 +- Ubuntu 12.04 LTS +- Ubuntu 14.04 LTS +- Ubuntu 15.10 +- CentOS 6 +- CentOS 7 + +Each one has been test by myself. + ##Installation Run the script and follow the assistant: 
@@ -25,41 +61,6 @@ chmod +x openvpn-install.sh Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN. -##Variants - -When you will launch the script, you will be asked to choose the variant of the script you want to use. - -To check your OpenVPN version, use `openvpn --version` - -If your server **and** your client have OpenVPN 2.3.3 or higher, use *latest*. If your server **or** your client have OpenVPN 2.3.2 or lower, use *legacy*. - -I made two versions to make sure you can get the best encryption possible, but also to support most devices as possible. - -###Latest (OpenVPN > 2.3.3) - -It will work for : -- Debian 8 -- Ubuntu 15.10 -- CentOS 6 -- CentOS 7 -- All recent clients with OpenVPN 2.3.3 or higher - -###Legacy (OpenVPN < 2.3.2) - -It's the same script as *latest*, but with TLS 1.0 instead of TLS 1.2 and AES-256-CBC instead of AES-128-GCM. (OpenVPN 2.3.2 and lower doesn't support `tls-min` and `tls-cipher`) - -Other features are still included. - -The following Operating Systems are only supported by the *legacy* variant : -- Debian 7 -- Ubuntu 12.04 LTS -- Ubuntu 14.04 LTS -- Ubuntu 15.04 -- All older clients with OpenVPN 2.3.2 or lower (it *could* be NAS devices, routers, etc) - -If your server and/or your client does not support OpenVPN 2.3.3 or higher, you should use *legacy*. - - You can get a high speed VPS in 14 locations around the world at [Vultr](http://www.vultr.com/?ref=6879746). (Sign up for 5$ free credit !)
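Review bot: The cipher claims added in the first hunk (@@ -5,14 +5,50 @@) contradict each other: the Fork list now advertises "AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)", while the new Slow and Fast sections list "256 bits AES-GCM" and "128 bits AES-GCM", and neither variant mentions the HMAC digest. Make the list and the variant sections agree, or say what each cipher is used for, so a reader can tell which settings a given mode actually applies. Wording in the same added lines also needs a pass: "lauch" should be "launch", "you choose use *slow*" should be "you should use *slow*", "more secured" should be "more secure", and "has been test by myself" should be "has been tested by myself". The new "## Variants" and "## Compatibility" headings put a space after the hashes while the existing "##Fork" and "##Installation" do not; pick one style for the file.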
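Review bot: The second hunk (@@ -25,41 +61,6 @@) removes the minimum-version guidance without replacing it: the deleted text stated that OpenVPN 2.3.2 and lower doesn't support `tls-min` and `tls-cipher`, and the README still lists "TLS 1.2 only", so it no longer tells users whose clients run 2.3.2 or lower (the NAS devices and routers the old text mentioned) what to expect. The first hunk covers the server side by installing OpenVPN 2.3.10 from EPEL and swupdate.openvpn.net, but nothing is said about clients. Add a line to the new Compatibility section giving the minimum client version and keep the `openvpn --version` hint. Ubuntu 15.04 was in the removed legacy list and is absent from the new Compatibility list; say explicitly whether support for it is dropped.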