octoleo/openvpn-install
1
1
Fork 0
mirror of https://github.com/namibia/openvpn-install.git synced 2024-11-16 17:25:12 +00:00
Code Issues Releases Activity
152 Commits 5 Branches 0 Tags 869 KiB
ecf2a3ed81
Commit Graph

82 Commits

Author SHA1 Message Date
jtbr
ecf2a3ed81 Undo TLS-CIPHER changes in f376ce91 in deference to harvester57's pull request 2016-05-10 22:30:38 +00:00
jtbr
2d39183284 Revert "my personal preferences, and limit 3 simultaneous clients" 
This reverts commit 804c7aa9ed.
 2016-05-10 22:30:38 +00:00
jtbr
de648aaa83 my personal preferences, and limit 3 simultaneous clients 2016-05-10 22:30:38 +00:00
jtbr
73eb665b82 merging readme changes 2016-05-10 22:29:43 +00:00
jtbr
868eea3477 Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme. 2016-05-10 22:21:52 +00:00
jtbr
30958ac55e this time actually fix the quoting issue for ip option 3 2016-05-10 22:21:52 +00:00
jtbr
3e913ea286 enable tls-auth and perfect forwarding secrecy 2016-05-10 22:21:52 +00:00
jtbr
891951fec8 run openvpn unprivileged 2016-05-10 22:21:52 +00:00
jtbr
950e307fbf fix dns option 3 with single quotes 2016-05-10 22:21:52 +00:00
Angristan
2f541b5399 Ubuntu 16.04 compatibility 2016-05-06 20:32:34 +02:00
Florian STOSSE
9aeb5b7c47 Remove old fix 
This fix was intended to overcome hardcoded buffers values in old OpenVPN revisions (see https://www.lowendtalk.com/discussion/40099/why-openvpn-is-so-slow-cool-story). This is not needed anymore, as OpenVPN now use OS buffers (see https://community.openvpn.net/openvpn/ticket/461 and https://community.openvpn.net/openvpn/changeset/c72dbb8b470ab7b25fc74e41aed4212db48a9d2f/). It should lead to better performances over fast networks.

Signed-off-by: Florian STOSSE <contact@harvester.fr>
 2016-03-22 11:47:24 +01:00
Angristan
6b4c00c394 Clarification for NAT 2016-03-21 21:43:34 +01:00
Angristan
21d8f78f4f Disable compression 2016-03-21 17:43:48 +01:00
Harvester
bf97d67f26 Revert ciphers 
My bad !
 2016-03-21 17:13:36 +01:00
Harvester
787784058a Disable compression client-side too 2016-03-21 16:18:18 +01:00
Florian Stosse
064c5bfe4a Typo 
OpenVPN doesn't really like the way it was written
 2016-03-21 13:30:17 +01:00
Florian Stosse
1a73a20240 Also change tls-cipher for clients 2016-03-21 13:26:37 +01:00
Florian Stosse
b15cd6cf81 Add more than one cipogers to tls-cipher 
Just in case we need to fallback or downgrade
 2016-03-21 13:20:35 +01:00
Florian Stosse
8b89b1743c Disable compression 
For a hardened OpenVPN configuration, compression should be disabled : https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575
 2016-03-21 13:13:57 +01:00
Angristan
faaa48d372 Fix ca-certificates errors 2016-03-19 22:51:00 +01:00
Angristan
1bf105e809 The BIG update 
Deleted latest and legacy mode
Use OpenVPN 2.3.10 with custom repo
Add a check at start for Debian/Ubuntu
Fast mode with 2048 bits RSA and DH, 128 bits AES, SHA-256 certificate
Slow mode with 4096 bits RSA and DH, 256 bits AES, SHA-384 certificate
AES-256-CBC and SHA512 for HMAC auth
Add OpenNIC as a DNS option + GeoIP API
Delete NTT and Huricane Electric DNS
Other improvements
 2016-03-19 17:41:18 +01:00
Angristan
157c27512a Combine latest and legacy version 2016-03-15 19:11:35 +01:00
Angristan
4fef7869d9 Fix which bug on CentOS 7 minimal 
7fb12dc5cb
 2016-03-14 21:37:14 +01:00
Angristan
1be02be239 TAP is not needed 2016-03-14 21:22:08 +01:00
Angristan
cbc7abc3dd Clarifies that it supports Scaleway NATed servers 2016-03-14 18:03:02 +01:00
Angristan
48252378ff Revert changes 2016-03-13 20:47:18 +01:00
Angristan
f49f187de2 Install which 2016-03-13 19:21:58 +01:00
Angristan
e9d6191925 Set FDN as default DNS 2016-03-13 15:13:46 +01:00
Angristan
f22fbc3cf0 No need to cp vars.example 2016-03-10 13:17:07 +01:00
Angristan
9b8ad887c3 New cipher 2016-03-09 22:59:03 +01:00
Angristan
5bc1d8e37a Add 4096 bits DH 2016-03-09 21:11:13 +01:00
Angristan
85c466e634 Remove 4096 bits DH 2016-03-09 21:10:41 +01:00
Angristan
a7e89ed0dd Add 4096 bits DH 2016-03-09 21:08:24 +01:00
Angristan
9146fd5523 Reorder DNS Servers 2016-03-08 23:53:30 +01:00
Angristan
1614923b1a TLS 1.2 only 2016-03-08 23:15:52 +01:00
Angristan
0ac534115a Use real encryption : AES-256-CBC 2016-03-08 17:40:22 +01:00
Angristan
6463979cc7 Update openvpn-install.sh 2016-03-08 17:12:09 +01:00
Angristan
efdd53c79f Remove logs and add FDN's DNS servers 2016-02-29 17:47:01 +01:00
Angristan
8d95e922ce update from source with latest commits 2016-02-27 10:52:51 +01:00
Angristan
c428975b66 Delete logs 2015-12-25 22:17:51 +01:00
angrysnarl
a1b57a1c31 Fixed rm -rf commands for revoking user certs 2015-12-16 00:15:08 +08:00
Nyr
0df84e4541 Fix #105 2015-12-14 22:36:40 +01:00
Nyr
e58addc2c5 Verify server certificate during easy-rsa download 2015-11-24 23:04:56 +01:00
Nyr
d55effb08c Update to easy-rsa 3.0.1 2015-11-21 15:35:51 +01:00
Nyr
73da43b872 Merge pull request #88 from ValdikSS/buf 
Do not allow OpenVPN to set (low) buffer sizes
 2015-11-15 19:36:15 +01:00
Nyr
51998f0d56 Merge pull request #87 from ValdikSS/euid 
Use EUID to check root
 2015-11-15 19:35:26 +01:00
ValdikSS
0265fc0e06 Use different exit codes on error 2015-11-15 13:37:22 +03:00
ValdikSS
15a39afd11 Do not allow OpenVPN to set (low) buffer sizes 2015-11-15 13:36:20 +03:00
ValdikSS
2574097eb4 Use EUID to check root 2015-11-15 13:34:19 +03:00
Nyr
d32416561b Grep for DROP as well as REJECT 2015-10-07 19:57:04 +02:00