1
1
mirror of https://github.com/namibia/openvpn-install.git synced 2024-11-10 15:10:54 +00:00
Go to file
Angristan 7a5bb93cbe AES-256 is not necessarily the most secure cipher
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack

Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
LICENSE Update date and copyright holder 2016-11-20 13:26:50 +01:00
openvpn-install.sh AES-256 is not necessarily the most secure cipher 2016-12-04 17:21:41 +01:00
README.md Arch Linux + other changes 2016-11-26 17:20:56 +01:00

##openvpn-install Secure OpenVPN installer for Debian, Ubuntu, ArchLinux and CentOS.

This script will let you setup your own secure VPN server in no more than a minute.

##Fork

This script is based on the great work of Nyr and its contributors.

I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, which are not bad, but you can do a lot better with the latest versions of OpenVPN and have nearly state-of-the-art encryption.

Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork.

The only drawback is that you need to use a recent version of OpenVPN, because some options are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed.

On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (<2.3.3), it won't work. If you can't upgrade your client (which is a security problem), use Nyr's script.

Features

This fork includes the following features :

Variants

When you lauch the script you will be asked to choose a mode. Both will work the same way, but slow has higher encryption settings, so it may slow down your connection and take more time to install.

If you're just using your VPN at home, you may choose "fast". But if you're often using public Wi-Fi or traveling a lot, you choose use slow.

FYI, "fast" is still more secured than default OpenVPN settings.

Slow (high encryption)

Features :

  • 4096 bits RSA private key
  • 4096 bits Diffie-Hellman key
  • 256 bits AES-GCM
  • SHA-384 RSA certificate

Fast (lower encryption)

Features :

  • 2048 bits RSA private key
  • 2048 bits Diffie-Hellman key
  • 128 bits AES-GCM
  • SHA-256 RSA certificate

Compatibility

The script is made to work on these OS :

  • Debian 7
  • Debian 8
  • Ubuntu 12.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 16.10
  • CentOS 6
  • CentOS 7
  • Arch Linux

##Installation

You have to enable the TUN module otherwise OpenVPN won't work. Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will tell you.

Run the script and follow the assistant:

wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
./openvpn-install.sh

Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.

You can get a cheap VPS for 3€/month at PulseHeberg.

Credits & Licence

Thanks to the contributors

Old repo

MIT Licence