octoleo/openvpn-install
1
1
Fork 0
mirror of https://github.com/namibia/openvpn-install.git synced 2024-11-10 23:10:55 +00:00
Code Issues Releases Activity
450 Commits 5 Branches 0 Tags 828 KiB
6ec3b5b26f
Commit Graph

450 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Angristan
8c66c8e684 Fix client revocation 
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.

Fixes https://github.com/Angristan/OpenVPN-install/pull/47, https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49.
 2017-06-25 19:58:41 +02:00
Kenneth Zhao
d74318562d adding support for debian 9 stretch 2017-06-25 09:38:52 -07:00
Angristan
ec41b64b15 Added Yandex Basic DNS resolvers 
Nice speed for Russia
 2017-06-23 14:32:16 +02:00
Angristan
a2a3bfc605 Added Yandex Basic DNS resolvers 
https://dns.yandex.com/

Nice for Russia.
 2017-06-23 14:30:57 +02:00
Angristan
d712e15795 Support OpenSSL 1.1.0 DH generation 
Fixes dh.pem gen on Debian 9 and Arch Linux

https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74

https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
 2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd More proper remove 
openvpn-blacklist isn't installed with Debian 9.
 2017-06-18 21:07:15 +02:00
Angristan
0bc1e6ea59 Add support for Ubuntu 17.04 2017-05-07 23:59:43 +02:00
Angristan
823ff21fcc Add support for Ubuntu 17.04 2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9 Close Angristan/OpenVPN-install#46 
This patch is for Angristan/OpenVPN-install#46
 2017-04-23 12:43:33 +02:00
Angristan
b3f62850e7 Fix broken headings in Markdown files 
Merge pull request #53 from bryant1410/master
 2017-04-17 14:33:31 +02:00
Santiago Castro
504597fe96 Fix broken Markdown headings 2017-04-16 23:21:39 -03:00
Angristan
e8554eb35a Updates links 2017-03-01 17:10:33 +01:00
Angristan
06c66a96a7 Correct typo 2017-02-06 14:05:58 +01:00
Angristan
adfb8b9a2f Update LICENSE 2016-12-20 15:04:12 +01:00
Angristan
63ed1449de Merge pull request #11 from Seeder101/patch-1 (typo) 
Fix typos
 2016-12-17 20:01:18 +01:00
Seeder101
89925cbbe8 Update openvpn-install.sh 
change sould to should and correct adress to address in line 195
 2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc Update openvpn-install.sh 
change sould to should
 2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4 Use SHA-256 instead of SHA-384 
Following 693bd13fa7
 2016-12-11 12:11:11 +01:00
Angristan
693bd13fa7 Use SHA-256 instead of SHA-384 
Thanks to David_5.1 (https://angristan.fr/mise-a-jour-de-mon-script-openvpn/#comment-2750) who pointed out that there was a mistake on the Wikipédia page of the Length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack), and it was affecting all the SHA2 family, not just SHA256. It's a theoretical attack though. I didn't find any reason to use one member of the SHA2 family more than an other, so I switched to SHA-256 for now.
 2016-12-11 12:07:50 +01:00
Angristan
7f6a007637 Add source for the crypto update 🔐 2016-12-04 19:00:26 +01:00
Angristan
98a0dbf26d Fix typo of the crypto update 🔐 
Thanks to https://twitter.com/TiCubius/status/805468611875897344
 2016-12-04 18:49:08 +01:00
Angristan
da64aa8df8 The crypto update 🔐 + improvements 
Following this commit : 56477bba34

I wanted to improve the readability of the Readme, and also explain myself regarding the encryption parameters I have chosen in the script.

I took hours to write and add the sources, so I may have made some mistakes. I'll gladly accept any feedback ^^
 2016-12-04 18:24:38 +01:00
Angristan
7a5bb93cbe AES-256 is not necessarily the most secure cipher 
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack

Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
 2016-12-04 17:21:41 +01:00
Angristan
56477bba34 The crypto update 🔐 
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key

I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
 2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f Making sure a correct DNS option is selected 2016-11-27 14:31:25 +01:00
Angristan
421d69e92d Arch Linux + other changes 2016-11-26 17:20:56 +01:00
TheKinrar
50f39963e6 Merge branch 'TheKinrar-master' 2016-11-26 16:13:23 +01:00
TheKinrar
f76db9f589 Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master 2016-11-26 16:13:02 +01:00
TheKinrar
c659a47dd4 Add ArchLinux to README 2016-11-26 16:03:37 +01:00
TheKinrar
f3ff29d6c7 rc.local fix 2016-11-25 18:25:37 +01:00
Angristan
d3b0ec10e7 Remove UFW and MASQUERADE 
See 17a9d76ae9
 2016-11-25 01:01:10 +01:00
Angristan
17a9d76ae9 Remove ufw and MASQUERADE support 
Not useful, badly implemented.
 2016-11-25 00:59:03 +01:00
Angristan
218e474f85 Add logs 
Can be useful.
 2016-11-24 23:34:15 +01:00
Angristan
2db5ff8adf Avoid DNS leak on W10 2016-11-24 23:04:24 +01:00
Angristan
98ca79a9de Move rc.local and sysctl installation after the confirmation 2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6 sysctl fix, again. 2016-11-24 19:37:45 +01:00
TheKinrar
cc657fa459 Fixed rc.local and sysctl.conf files on ArchLinux 2016-11-24 18:07:23 +01:00
Angristan
f9016fb3b5 Add TCP support 2016-11-23 20:22:57 +01:00
TheKinrar
9b261809eb Automatically enable and start iptables on ArchLinux. 2016-11-22 19:55:17 +01:00
TheKinrar
6e2b5cb439 Added ArchLinux support. 2016-11-21 20:59:00 +01:00
Angristan
80dbca6e63 Add TCP support 
There is now the choice to use TCP or UDP for OpenVPN protocol. You should always use UDP, but TCP can be useful sometimes : on lossy networks or to bypass some blockage
 2016-11-21 19:57:52 +01:00
Angristan
662fe26f5b I don't know why it wasn't like this from the beginning 2016-11-20 23:09:42 +01:00
Angristan
552709059e Fix my previous commit 
My bad.
 2016-11-20 22:50:51 +01:00
Angristan
a09ef4868a The user can choose to continue the installer even if its OS is not supported 
At its own risk of course. But usefull if using Ubuntu beta or Debian unstable/testing
 2016-11-20 22:47:23 +01:00
Angristan
457005d03a Add old repo 2016-11-20 16:39:36 +01:00
Angristan
cbd57e6416 Add contributors 2016-11-20 16:03:59 +01:00
Angristan
77301f9a9d Some clarification 2016-11-20 15:29:23 +01:00
Angristan
903270be4b Remove OpenNIC servers 
Not consistant and can't really be trusted
 2016-11-20 15:01:42 +01:00
Angristan
b0f271bc5f Specify the location of the DNS servers 2016-11-20 14:52:47 +01:00
Angristan
1e80e145f0 Fix title 2016-11-20 14:23:48 +01:00