mirror of
https://github.com/namibia/openvpn-install.git
synced 2024-12-22 14:58:54 +00:00
parent
980a483ebc
commit
dea1d6db2b
@ -83,7 +83,7 @@ Password-protected clients are not supported by the headless installation method
|
|||||||
- Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations)
|
- Choice to use a self-hosted resolver with Unbound (supports already existing Unbound installations)
|
||||||
- Choice between TCP and UDP
|
- Choice between TCP and UDP
|
||||||
- NATed IPv6 support
|
- NATed IPv6 support
|
||||||
- Compression disabled by default to prevent VORACLE. LZ4 and LZ0 algorithms available otherwise.
|
- Compression disabled by default to prevent VORACLE. LZ4 (v1/v2) and LZ0 algorithms available otherwise.
|
||||||
- Unprivileged mode: run as `nobody`/`nogroup`
|
- Unprivileged mode: run as `nobody`/`nogroup`
|
||||||
- Block DNS leaks on Windows 10
|
- Block DNS leaks on Windows 10
|
||||||
- Randomised server certificate name
|
- Randomised server certificate name
|
||||||
@ -170,7 +170,7 @@ If you want more information about an option mentioned below, head to the [OpenV
|
|||||||
Most of OpenVPN's encryption-related stuff is managed by [Easy-RSA](https://github.com/OpenVPN/easy-rsa). Defaults parameters are in the [vars.example](https://github.com/OpenVPN/easy-rsa/blob/v3.0.6/easyrsa3/vars.example) file.
|
Most of OpenVPN's encryption-related stuff is managed by [Easy-RSA](https://github.com/OpenVPN/easy-rsa). Defaults parameters are in the [vars.example](https://github.com/OpenVPN/easy-rsa/blob/v3.0.6/easyrsa3/vars.example) file.
|
||||||
### Compression
|
### Compression
|
||||||
|
|
||||||
By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 algorithms, the latter being more efficient.
|
By default, OpenVPN doesn't enable compression. This script provides support for LZ0 and LZ4 (v1/v2) algorithms, the latter being more efficient.
|
||||||
|
|
||||||
However, it is discouraged to use compression since it since the [VORACLE attack](https://protonvpn.com/blog/voracle-attack/) makes use of it.
|
However, it is discouraged to use compression since it since the [VORACLE attack](https://protonvpn.com/blog/voracle-attack/) makes use of it.
|
||||||
|
|
||||||
|
@ -310,17 +310,21 @@ function installQuestions () {
|
|||||||
read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
|
read -rp"Enable compression? [y/n]: " -e -i n COMPRESSION_ENABLED
|
||||||
done
|
done
|
||||||
if [[ $COMPRESSION_ENABLED == "y" ]];then
|
if [[ $COMPRESSION_ENABLED == "y" ]];then
|
||||||
echo "Choose which compression algorithm you want to use:"
|
echo "Choose which compression algorithm you want to use: (they are ordered by efficiency)"
|
||||||
echo " 1) LZ4 (more efficient)"
|
echo " 1) LZ4-v2"
|
||||||
echo " 2) LZ0"
|
echo " 2) LZ4"
|
||||||
until [[ $COMPRESSION_CHOICE =~ ^[1-2]$ ]]; do
|
echo " 3) LZ0"
|
||||||
read -rp"Compression algorithm [1-2]: " -e -i 1 COMPRESSION_CHOICE
|
until [[ $COMPRESSION_CHOICE =~ ^[1-3]$ ]]; do
|
||||||
|
read -rp"Compression algorithm [1-3]: " -e -i 1 COMPRESSION_CHOICE
|
||||||
done
|
done
|
||||||
case $COMPRESSION_CHOICE in
|
case $COMPRESSION_CHOICE in
|
||||||
1)
|
1)
|
||||||
COMPRESSION_ALG="lz4"
|
COMPRESSION_ALG="lz4-v2"
|
||||||
;;
|
;;
|
||||||
2)
|
2)
|
||||||
|
COMPRESSION_ALG="lz4"
|
||||||
|
;;
|
||||||
|
3)
|
||||||
COMPRESSION_ALG="lzo"
|
COMPRESSION_ALG="lzo"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
Loading…
Reference in New Issue
Block a user