octoleo
/
openvpn-install
mirror of https://github.com/namibia/openvpn-install.git
1
1
Fork 0
Code Issues Releases Activity

Some clarification

This commit is contained in:
Angristan 2016-11-20 15:29:23 +01:00 committed by GitHub
parent 903270be4b
commit 77301f9a9d
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -1,5 +1,5 @@
##openvpn-install
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu and CentOS.
Secure OpenVPN installer for Debian, Ubuntu and CentOS.
This script will let you setup your own secure VPN server in no more than a minute.
@ -7,19 +7,20 @@ This script will let you setup your own secure VPN server in no more than a minu
##Fork
This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install), big thanks to them.
This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install).
I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, but you can do a lot better with the latest versions of OpenVPN and have nearly state-of-the-art encryption.
I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, which are not *bad*, but you can do a lot better with the latest versions of OpenVPN and have nearly state-of-the-art encryption.
The only drawback is that you need to use a recent version of OpenVPN. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories.
Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork.
I you want to use an OpenVPN server installed with this script with an old client (>2.3), it won't be compatible. If you can't upgrade your client, use Nyr's script.
The only drawback is that you need to use a recent version of OpenVPN, because some options are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed.
On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. If you can't upgrade your client (which is a security problem), use Nyr's script.
### Features
This fork includes the following features :
- Every feature of the [original script](https://github.com/Nyr/openvpn-install)
- No logs
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
- Better encryption (see below)
- Avoid DNS leak
@ -30,7 +31,6 @@ This fork includes the following features :
- Run server in unprivileged mode, reducing risks to the system
- TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.
- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/)
- Nearest [OpenNIC DNS Servers](https://www.opennicproject.org/)
- [DNS.WATCH DNS Servers](https://dns.watch/index)
- Up-to-date OpenVPN (2.3.11) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)
- Support for either SNAT or MASQUERADE for forwarding