octoleo/openvpn-install
1
1
Fork 0
mirror of https://github.com/namibia/openvpn-install.git synced 2025-02-02 09:08:24 +00:00
Code Issues Releases Activity

Remove UFW and MASQUERADE

Browse Source 
See 17a9d76ae9
This commit is contained in:
Angristan 2016-11-25 01:01:10 +01:00 committed by GitHub
parent 17a9d76ae9
commit d3b0ec10e7
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -22,19 +22,18 @@ On the client-side, it's less problematic, but if you want to use an OpenVPN ser
This fork includes the following features :
- Every feature of the [original script](https://github.com/Nyr/openvpn-install)
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
- Better encryption (see below)
- [Avoid DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605)
- UFW support
- Better encryption (see below)
- TLS 1.2 only
- Strong ciphers, DH keys and certificates. (see variants)
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
- Run server in unprivileged mode, reducing risks to the system
- TLS-auth to help [thwart DoS attacks](https://openvpn.net/index.php/open-source/documentation/howto.html#security) and provide a 2nd line of defense to the TLS channel.
- Run server in unprivileged mode, reducing risks to the system
- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/)
- [DNS.WATCH DNS Servers](https://dns.watch/index)
- Up-to-date OpenVPN (2.3.11) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)
- Support for either SNAT or MASQUERADE for forwarding
- Choice for UDP or TCP
- Other improvements
## Variants