diff --git a/README.md b/README.md index b2c07ef..2913b47 100644 --- a/README.md +++ b/README.md @@ -83,7 +83,7 @@ Password-protected clients are not supported by the headless installation method - Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations) - Choice between TCP and UDP - NATed IPv6 support -- Compression disabled by default to prevent VORACLE. LZ4 and LZ0 algorithms available otherwise. +- Compression disabled by default to prevent VORACLE. LZ4 (v1/v2) and LZ0 algorithms available otherwise. - Unprivileged mode: run as `nobody`/`nogroup` - Block DNS leaks on Windows 10 - Randomised server certificate name @@ -170,7 +170,7 @@ If you want more information about an option mentioned below, head to the [OpenV Most of OpenVPN's encryption-related stuff is managed by [Easy-RSA](https://github.com/OpenVPN/easy-rsa). Defaults parameters are in the [vars.example](https://github.com/OpenVPN/easy-rsa/blob/v3.0.6/easyrsa3/vars.example) file. ### Compression -By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 algorithms, the latter being more efficient. +By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 (v1/v2) algorithms, the latter being more efficient. However, it is discouraged to use compression since it since the [VORACLE attack](https://protonvpn.com/blog/voracle-attack/) makes use of it. diff --git a/openvpn-install.sh b/openvpn-install.sh index 08daa7c..0685a72 100755 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -310,17 +310,21 @@ function installQuestions () { read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED done if [[ $COMPRESSION_ENABLED == "y" ]];then - echo "Choose which compression algorithm you want to use:" - echo " 1) LZ4 (more efficient)" - echo " 2) LZ0" - until [[ $COMPRESSION_CHOICE =~ ^[1-2]$ ]]; do - read -rp"Compression algorithm [1-2]: " -e -i 1 COMPRESSION_CHOICE + echo "Choose which compression algorithm you want to use: (they are ordered by efficiency)" + echo " 1) LZ4-v2" + echo " 2) LZ4" + echo " 3) LZ0" + until [[ $COMPRESSION_CHOICE =~ ^[1-3]$ ]]; do + read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE done case $COMPRESSION_CHOICE in 1) - COMPRESSION_ALG="lz4" + COMPRESSION_ALG="lz4-v2" ;; 2) + COMPRESSION_ALG="lz4" + ;; + 3) COMPRESSION_ALG="lzo" ;; esac