1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-12-22 14:58:54 +00:00

Add support for lz4-v2 (#444)

Close #366
This commit is contained in:
Stanislas 2019-07-05 17:49:31 +02:00 committed by GitHub
parent 980a483ebc
commit dea1d6db2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 8 deletions

View File

@ -83,7 +83,7 @@ Password-protected clients are not supported by the headless installation method
- Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations) - Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations)
- Choice between TCP and UDP - Choice between TCP and UDP
- NATed IPv6 support - NATed IPv6 support
- Compression disabled by default to prevent VORACLE. LZ4 and LZ0 algorithms available otherwise. - Compression disabled by default to prevent VORACLE. LZ4 (v1/v2) and LZ0 algorithms available otherwise.
- Unprivileged mode: run as `nobody`/`nogroup` - Unprivileged mode: run as `nobody`/`nogroup`
- Block DNS leaks on Windows 10 - Block DNS leaks on Windows 10
- Randomised server certificate name - Randomised server certificate name
@ -170,7 +170,7 @@ If you want more information about an option mentioned below, head to the [OpenV
Most of OpenVPN's encryption-related stuff is managed by [Easy-RSA](https://github.com/OpenVPN/easy-rsa). Defaults parameters are in the [vars.example](https://github.com/OpenVPN/easy-rsa/blob/v3.0.6/easyrsa3/vars.example) file. Most of OpenVPN's encryption-related stuff is managed by [Easy-RSA](https://github.com/OpenVPN/easy-rsa). Defaults parameters are in the [vars.example](https://github.com/OpenVPN/easy-rsa/blob/v3.0.6/easyrsa3/vars.example) file.
### Compression ### Compression
By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 algorithms, the latter being more efficient. By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 (v1/v2) algorithms, the latter being more efficient.
However, it is discouraged to use compression since it since the [VORACLE attack](https://protonvpn.com/blog/voracle-attack/) makes use of it. However, it is discouraged to use compression since it since the [VORACLE attack](https://protonvpn.com/blog/voracle-attack/) makes use of it.

View File

@ -310,17 +310,21 @@ function installQuestions () {
read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
done done
if [[ $COMPRESSION_ENABLED == "y" ]];then if [[ $COMPRESSION_ENABLED == "y" ]];then
echo "Choose which compression algorithm you want to use:" echo "Choose which compression algorithm you want to use: (they are ordered by efficiency)"
echo " 1) LZ4 (more efficient)" echo " 1) LZ4-v2"
echo " 2) LZ0" echo " 2) LZ4"
until [[ $COMPRESSION_CHOICE =~ ^[1-2]$ ]]; do echo " 3) LZ0"
read -rp"Compression algorithm [1-2]: " -e -i 1 COMPRESSION_CHOICE until [[ $COMPRESSION_CHOICE =~ ^[1-3]$ ]]; do
read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE
done done
case $COMPRESSION_CHOICE in case $COMPRESSION_CHOICE in
1) 1)
COMPRESSION_ALG="lz4" COMPRESSION_ALG="lz4-v2"
;; ;;
2) 2)
COMPRESSION_ALG="lz4"
;;
3)
COMPRESSION_ALG="lzo" COMPRESSION_ALG="lzo"
;; ;;
esac esac