From 5bc1d8e37a126361c8a2d2286604941da08b6cfc Mon Sep 17 00:00:00 2001
From: Angristan <stanislas.lange@openmailbox.org>
Date: Wed, 9 Mar 2016 21:11:13 +0100
Subject: [PATCH] Add 4096 bits DH

---
 openvpn-install.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 836465f..a82b96f 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -211,6 +211,9 @@ else
 	chown -R root:root /etc/openvpn/easy-rsa/
 	rm -rf ~/EasyRSA-3.0.1.tgz
 	cd /etc/openvpn/easy-rsa/
+	cp vars.example vars
+	#Use 4096 bits DH instead of 2048 bits
+	echo "set_var EASYRSA_KEY_SIZE 4096" >> vars
 	# Create the PKI, set up the CA, the DH params and the server + client certificates
 	./easyrsa init-pki
 	./easyrsa --batch build-ca nopass