Support ios openvpn connect using CBC, SHA128 tls-cipher. Update readme.

jtbr
2016-04-12 09:38:14 +00:00
parent a65523eb1c
commit f376ce912f
2 changed files with 9 additions and 5 deletions


@@ -302,7 +302,8 @@ tls-version-min 1.2" > /etc/openvpn/server.conf
if [[ "$VARIANT" = '1' ]]; then
# If the user selected the fast, less hardened version
# Or if the user selected a non-existant variant, we fallback to fast
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" >> /etc/openvpn/server.conf
# iOS OpenVPN connect doesn't support GCM or SHA256, use next best
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA" >> /etc/openvpn/server.conf
elif [[ "$VARIANT" = '2' ]]; then
# If the user selected the relatively slow, ultra hardened version
echo "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" >> /etc/openvpn/server.conf
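Review bot: The VARIANT 1 branch now pins the server to a single CBC suite with an HMAC-SHA1 MAC, so every client loses AES-GCM, not only iOS OpenVPN Connect. `tls-cipher` accepts a colon-separated list, so the server could keep the GCM suite first and offer CBC-SHA as a fallback: `echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA" >> /etc/openvpn/server.conf`. The added comment could also say that the fallback's MAC is SHA-1; the "SHA128" in the commit title is presumably a slip. The if/elif chain continues outside the hunk.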
@@ -436,7 +437,7 @@ tls-client" > /etc/openvpn/client-common.txt
if [[ "$VARIANT" = '1' ]]; then
# If the user selected the fast, less hardened version
# Or if the user selected a non-existant variant, we fallback to fast
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256" >> /etc/openvpn/client-common.txt
echo "tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA" >> /etc/openvpn/client-common.txt
elif [[ "$VARIANT" = '2' ]]; then
# If the user selected the relatively slow, ultra hardened version
echo "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" >> /etc/openvpn/client-common.txt
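Review bot: The replaced VARIANT 1 line for client-common.txt has no comment, unlike the server hunk, so a later reader cannot tell why the client is held to CBC-SHA or that the value must agree with server.conf. Add above it: `# Must match a suite offered in server.conf; CBC-SHA kept for iOS OpenVPN Connect (no GCM/SHA256)`. This template is presumably used for every generated profile, so non-iOS clients are downgraded too. Whether an iOS client tolerates a list containing a suite it lacks is not visible here, so test that before widening this line. The if/elif chain continues outside the hunk.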