Angristan
52f4e471bb
Add DNS.WATCH DNS resolvers
2016-06-11 00:32:08 +02:00
jtbr
52cae76873
fix typo
2016-06-10 14:36:22 +02:00
jtbr
b93a3369fb
Avoid inline comments in /etc/default/ufw; place pre-openvpn settings on new line
2016-06-10 14:33:26 +02:00
jtbr
eff3b83fe3
Support old clients that might not recognize blocking
2016-06-03 13:09:00 +02:00
jtbr
4a07541953
uninstall new firewalld rules
2016-05-17 05:55:27 +02:00
jtbr
a420a6cbcd
add firewalld configuration for masquerading and reorganize to ensure firewalld command ordering is safe
2016-05-17 05:44:47 +02:00
jtbr
4f8cad83cf
add ufw rule to allow traffic on chosen udp port
2016-05-17 05:29:31 +02:00
jtbr
e2b9f116d4
Add setup for ufw firewall when using MASQUERADE
2016-05-17 05:04:23 +02:00
jtbr
ff7a7a5c3d
Prevent DNS leaks on windows (v2.3.9+, ignored on other platforms)
2016-05-17 05:03:26 +02:00
jtbr
b910dbb9ec
clarify that the external address can be either an IP or a domain name
2016-05-10 22:50:58 +00:00
jtbr
3c8a6a0469
Merge branch 'master' of https://github.com/jtbr/OpenVPN-install
...
Conflicts:
README.md
openvpn-install.sh
2016-05-10 22:34:51 +00:00
jtbr
ecf2a3ed81
Undo TLS-CIPHER changes in f376ce91
in deference to harvester57's pull request
2016-05-10 22:30:38 +00:00
jtbr
2d39183284
Revert "my personal preferences, and limit 3 simultaneous clients"
...
This reverts commit 804c7aa9ed
.
2016-05-10 22:30:38 +00:00
jtbr
de648aaa83
my personal preferences, and limit 3 simultaneous clients
2016-05-10 22:30:38 +00:00
jtbr
73eb665b82
merging readme changes
2016-05-10 22:29:43 +00:00
jtbr
868eea3477
Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme.
2016-05-10 22:21:52 +00:00
jtbr
30958ac55e
this time actually fix the quoting issue for ip option 3
2016-05-10 22:21:52 +00:00
jtbr
3e913ea286
enable tls-auth and perfect forwarding secrecy
2016-05-10 22:21:52 +00:00
jtbr
891951fec8
run openvpn unprivileged
2016-05-10 22:21:52 +00:00
jtbr
950e307fbf
fix dns option 3 with single quotes
2016-05-10 22:21:52 +00:00
jtbr
5824365ebc
support either nogroup or nobody for permissionless group
2016-05-07 22:58:18 +02:00
Angristan
2f541b5399
Ubuntu 16.04 compatibility
2016-05-06 20:32:34 +02:00
jtbr
4baf845e36
Undo TLS-CIPHER changes in f376ce91
in deference to harvester57's pull request
2016-04-29 20:00:09 +00:00
jtbr
d87e87036f
Revert "my personal preferences, and limit 3 simultaneous clients"
...
This reverts commit 804c7aa9ed
.
2016-04-20 22:55:25 +00:00
jtbr
804c7aa9ed
my personal preferences, and limit 3 simultaneous clients
2016-04-12 10:16:58 +00:00
jtbr
2fe0fa2062
Allow forwarding using either SNAT or MASQUERADE (as required by some setups)
2016-04-12 10:05:28 +00:00
jtbr
f376ce912f
Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme.
2016-04-12 09:38:14 +00:00
jtbr
a65523eb1c
this time actually fix the quoting issue for ip option 3
2016-04-10 19:45:33 +02:00
jtbr
b3fb14bcb4
enable tls-auth and perfect forwarding secrecy
2016-04-10 18:53:29 +02:00
jtbr
d844154a45
run openvpn unprivileged
2016-04-10 18:36:15 +02:00
jtbr
01003c88f8
fix dns option 3 with single quotes
2016-04-10 18:26:49 +02:00
Florian STOSSE
9aeb5b7c47
Remove old fix
...
This fix was intended to overcome hardcoded buffers values in old OpenVPN revisions (see https://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story ). This is not needed anymore, as OpenVPN now use OS buffers (see https://community.openvpn.net/openvpn/ticket/461 and https://community.openvpn.net/openvpn/changeset/c72dbb8b470ab7b25fc74e41aed4212db48a9d2f/ ). It should lead to better performances over fast networks.
Signed-off-by: Florian STOSSE <contact@harvester.fr>
2016-03-22 11:47:24 +01:00
Angristan
6b4c00c394
Clarification for NAT
2016-03-21 21:43:34 +01:00
Angristan
21d8f78f4f
Disable compression
2016-03-21 17:43:48 +01:00
Harvester
bf97d67f26
Revert ciphers
...
My bad !
2016-03-21 17:13:36 +01:00
Harvester
787784058a
Disable compression client-side too
2016-03-21 16:18:18 +01:00
Florian Stosse
064c5bfe4a
Typo
...
OpenVPN doesn't really like the way it was written
2016-03-21 13:30:17 +01:00
Florian Stosse
1a73a20240
Also change tls-cipher for clients
2016-03-21 13:26:37 +01:00
Florian Stosse
b15cd6cf81
Add more than one cipogers to tls-cipher
...
Just in case we need to fallback or downgrade
2016-03-21 13:20:35 +01:00
Florian Stosse
8b89b1743c
Disable compression
...
For a hardened OpenVPN configuration, compression should be disabled : https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575
2016-03-21 13:13:57 +01:00
Angristan
faaa48d372
Fix ca-certificates errors
2016-03-19 22:51:00 +01:00
Angristan
1bf105e809
The BIG update
...
Deleted latest and legacy mode
Use OpenVPN 2.3.10 with custom repo
Add a check at start for Debian/Ubuntu
Fast mode with 2048 bits RSA and DH, 128 bits AES, SHA-256 certificate
Slow mode with 4096 bits RSA and DH, 256 bits AES, SHA-384 certificate
AES-256-CBC and SHA512 for HMAC auth
Add OpenNIC as a DNS option + GeoIP API
Delete NTT and Huricane Electric DNS
Other improvements
2016-03-19 17:41:18 +01:00
Angristan
157c27512a
Combine latest and legacy version
2016-03-15 19:11:35 +01:00
Angristan
4fef7869d9
Fix which bug on CentOS 7 minimal
...
7fb12dc5cb
2016-03-14 21:37:14 +01:00
Angristan
1be02be239
TAP is not needed
2016-03-14 21:22:08 +01:00
Angristan
cbc7abc3dd
Clarifies that it supports Scaleway NATed servers
2016-03-14 18:03:02 +01:00
Angristan
48252378ff
Revert changes
2016-03-13 20:47:18 +01:00
Angristan
f49f187de2
Install which
2016-03-13 19:21:58 +01:00
Angristan
e9d6191925
Set FDN as default DNS
2016-03-13 15:13:46 +01:00
Angristan
f22fbc3cf0
No need to cp vars.example
2016-03-10 13:17:07 +01:00