Angristan
GitHub
parent
17a9d76ae9
commit
d3b0ec10e7
|
|
@ -22,19 +22,18 @@ On the client-side, it's less problematic, but if you want to use an OpenVPN ser
|
|||
This fork includes the following features :
|
||||
- Every feature of the [original script](https://github.com/Nyr/openvpn-install)
|
||||
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
|
||||
- Better encryption (see below)
|
||||
- [Avoid DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605)
|
||||
- UFW support
|
||||
- Better encryption (see below)
|
||||
- TLS 1.2 only
|
||||
- Strong ciphers, DH keys and certificates. (see variants)
|
||||
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
|
||||
- Run server in unprivileged mode, reducing risks to the system
|
||||
- TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.
|
||||
- Run server in unprivileged mode, reducing risks to the system
|
||||
- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/)
|
||||
- [DNS.WATCH DNS Servers](https://dns.watch/index)
|
||||
- Up-to-date OpenVPN (2.3.11) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)
|
||||
- Support for either SNAT or MASQUERADE for forwarding
|
||||
- Choice for UDP or TCP
|
||||
- Other improvements
|
||||
|
||||
## Variants
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue