Make encryption customization optional

A lot of people don't know much about cryptography.
Since the script already overwrites OpenVPN's default settings, there is no need for most people to modify them.
angristan 2018-09-21 17:17:41 +02:00
parent 0f67214490
commit 4144fa9dff


@ -250,17 +250,27 @@ function installOpenVPN () {
fi fi
done done
echo "" echo ""
echo "See https://github.com/Angristan/OpenVPN-install#encryption to learn more about " echo "Do you want to customize encryption settings?"
echo "the encryption in OpenVPN and the choices I made in this script." echo "Unless you know what you're doing, you should stick with the default parameters provided by the script."
echo "Please note that all the choices proposed are secure (to a different degree)" echo "Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)"
echo "and are still viable to date, unlike some default OpenVPN options" echo "See https://github.com/angristan/openvpn-install#encryption to learn more."
echo ""
until [[ $CUSTOMIZE_ENC =~ (y|n) ]]; do
read -rp "Customize encryption settings? [y/n]: " -e -i n CUSTOMIZE_ENC
done
if [[ $CUSTOMIZE_ENC == "n" ]];then
# Use default, sane and fast paramters
CIPHER="cipher AES-128-CBC"
DH_KEY_SIZE="2048"
RSA_KEY_SIZE="2048"
else
echo "" echo ""
echo "Choose which cipher you want to use for the data channel:" echo "Choose which cipher you want to use for the data channel:"
echo " 1) AES-128-CBC (recommended)" echo " 1) AES-128-CBC (recommended)"
echo " 2) AES-192-CBC" echo " 2) AES-192-CBC"
echo " 3) AES-256-CBC" echo " 3) AES-256-CBC"
until [[ "$CIPHER_CHOICE" =~ ^[0-9]+$ ]] && [ "$CIPHER_CHOICE" -ge 1 -a "$CIPHER_CHOICE" -le 3 ]; do until [[ "$CIPHER_CHOICE" =~ ^[0-9]+$ ]] && [ "$CIPHER_CHOICE" -ge 1 -a "$CIPHER_CHOICE" -le 3 ]; do
read -rp "CIPHER_CHOICE [1-7]: " -e -i 1 CIPHER_CHOICE read -rp "Cipher [1-7]: " -e -i 1 CIPHER_CHOICE
done done
case $CIPHER_CHOICE in case $CIPHER_CHOICE in
1) 1)
@ -311,8 +321,9 @@ function installOpenVPN () {
RSA_KEY_SIZE="4096" RSA_KEY_SIZE="4096"
;; ;;
esac esac
fi
echo "" echo ""
echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now" echo "Okay, that was all I needed. We are ready to setup your OpenVPN server now."
echo "You will be able to generate a client at the end of the installtion." echo "You will be able to generate a client at the end of the installtion."
read -n1 -r -p "Press any key to continue..." read -n1 -r -p "Press any key to continue..."
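Review bot: The new `until [[ $CUSTOMIZE_ENC =~ (y|n) ]]` loop in the first hunk is unanchored, so any answer that merely contains a y or an n ends it; an input such as `no` then fails the exact `== "n"` comparison and lands in the customization branch the user meant to skip. Anchoring the pattern, `until [[ $CUSTOMIZE_ENC =~ ^[yn]$ ]]; do`, restricts the loop to the two values the following `if` actually distinguishes. In the same hunk the reworded prompt `Cipher [1-7]` still disagrees with the range check on the line above it, which accepts only 1 to 3; `read -rp "Cipher [1-3]: " -e -i 1 CIPHER_CHOICE` would match the menu. The body of installOpenVPN starts and ends outside both hunks, so how the default `CIPHER`, `DH_KEY_SIZE` and `RSA_KEY_SIZE` values are consumed later is not visible here.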