angristan
parent
7ed823cdf2
commit
b898a99485
|
|
@ -43,7 +43,7 @@ In your home directory, you will have `.ovpn` files. These are the client config
|
|||
- Choice to use a self-hosted resolver with Unbound (supports already existing Unboud installations)
|
||||
- Choice between TCP and UDP
|
||||
- NATed IPv6 support
|
||||
- Compression disabled to prevent VORACLE
|
||||
- Compression disabled by default to prevent VORACLE. LZ4 and LZ0 algorithms available otherwise.
|
||||
- Unprivileged mode: run as `nobody`/`nogroup`
|
||||
- Block DNS leaks on Windows 10
|
||||
- Randomized server certificate name
|
||||
|
|
|
|||
|
|
@ -251,6 +251,27 @@ function installOpenVPN () {
|
|||
fi
|
||||
done
|
||||
echo ""
|
||||
echo "Do you want to use compression? It is not recommended since the VORACLE attack make use of it."
|
||||
until [[ $COMPRESSION_ENABLED =~ (y|n) ]]; do
|
||||
read -p "Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
|
||||
done
|
||||
if [[ $COMPRESSION_ENABLED == "y" ]];then
|
||||
echo "Choose which compression algorithm you want to use:"
|
||||
echo " 1) LZ4 (faster)"
|
||||
echo " 2) LZ0 (use for OpenVPN 2.3 compatibility)"
|
||||
until [[ $COMPRESSION_CHOICE =~ [1-2] ]]; do
|
||||
read -p "Compression algorithm [1-2]: " -e -i 1 COMPRESSION_CHOICE
|
||||
done
|
||||
case $COMPRESSION_CHOICE in
|
||||
1)
|
||||
COMPRESSION_ALG="lz4"
|
||||
;;
|
||||
2)
|
||||
COMPRESSION_ALG="lzo"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
echo ""
|
||||
echo "Do you want to customize encryption settings?"
|
||||
echo "Unless you know what you're doing, you should stick with the default parameters provided by the script."
|
||||
echo "Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)"
|
||||
|
|
@ -468,6 +489,10 @@ push "route-ipv6 2000::/3"
|
|||
push "redirect-gateway ipv6"' >> /etc/openvpn/server.conf
|
||||
fi
|
||||
|
||||
if [[ $COMPRESSION_ENABLED == "y" ]]; then
|
||||
echo "compress $COMPRESSION_ALG" >> /etc/openvpn/server.conf
|
||||
fi
|
||||
|
||||
echo "crl-verify crl.pem
|
||||
ca ca.crt
|
||||
cert $SERVER_NAME.crt
|
||||
|
|
@ -610,6 +635,10 @@ tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
|
|||
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
|
||||
verb 3" >> /etc/openvpn/client-template.txt
|
||||
|
||||
if [[ $COMPRESSION_ENABLED == "y" ]]; then
|
||||
echo "compress $COMPRESSION_ALG" >> /etc/openvpn/client-template.txt
|
||||
fi
|
||||
|
||||
# Generate the custom client.ovpn
|
||||
newClient
|
||||
echo "If you want to add more clients, you simply need to run this script another time!"
|
||||
|
|
|
|||
Loading…
Reference in New Issue