mirror of
https://github.com/angristan/openvpn-install.git
synced 2024-11-22 00:39:03 +01:00
Add more than one cipogers to tls-cipher
Just in case we need to fallback or downgrade
This commit is contained in:
parent
8b89b1743c
commit
b15cd6cf81
@ -294,10 +294,15 @@ tls-version-min 1.2" > /etc/openvpn/server.conf
|
||||
if [[ "$VARIANT" = '1' ]]; then
|
||||
# If the user selected the fast, less hardened version
|
||||
# Or if the user selected a non-existant variant, we fallback to fast
|
||||
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" >> /etc/openvpn/server.conf
|
||||
echo "tls-cipher DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256::DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA\
|
||||
\-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:\
|
||||
\AES128-SHA" >> /etc/openvpn/server.conf
|
||||
elif [[ "$VARIANT" = '2' ]]; then
|
||||
# If the user selected the relatively slow, ultra hardened version
|
||||
echo "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" >> /etc/openvpn/server.conf
|
||||
echo "tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-\
|
||||
\SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA\
|
||||
\-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:\
|
||||
\AES128-SHA" >> /etc/openvpn/server.conf
|
||||
fi
|
||||
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
|
||||
# DNS
|
||||
|
Loading…
Reference in New Issue
Block a user