Angristan
693bd13fa7
Use SHA-256 instead of SHA-384
...
Thanks to David_5.1 (https://angristan.fr/mise-a-jour-de-mon-script-openvpn/#comment-2750 ) who pointed out that there was a mistake on the Wikipédia page of the Length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack ), and it was affecting all the SHA2 family, not just SHA256. It's a theoretical attack though. I didn't find any reason to use one member of the SHA2 family more than an other, so I switched to SHA-256 for now.
2016-12-11 12:07:50 +01:00
Angristan
7f6a007637
Add source for the crypto update 🔐
2016-12-04 19:00:26 +01:00
Angristan
98a0dbf26d
Fix typo of the crypto update 🔐
...
Thanks to https://twitter.com/TiCubius/status/805468611875897344
2016-12-04 18:49:08 +01:00
Angristan
da64aa8df8
The crypto update 🔐 + improvements
...
Following this commit : 56477bba34
I wanted to improve the readability of the Readme, and also explain myself regarding the encryption parameters I have chosen in the script.
I took hours to write and add the sources, so I may have made some mistakes. I'll gladly accept any feedback ^^
2016-12-04 18:24:38 +01:00
Angristan
7a5bb93cbe
AES-256 is not necessarily the most secure cipher
...
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack
Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
Angristan
56477bba34
The crypto update 🔐
...
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key
I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f
Making sure a correct DNS option is selected
2016-11-27 14:31:25 +01:00
Angristan
421d69e92d
Arch Linux + other changes
2016-11-26 17:20:56 +01:00
TheKinrar
50f39963e6
Merge branch 'TheKinrar-master'
2016-11-26 16:13:23 +01:00
TheKinrar
f76db9f589
Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master
2016-11-26 16:13:02 +01:00
TheKinrar
c659a47dd4
Add ArchLinux to README
2016-11-26 16:03:37 +01:00
TheKinrar
f3ff29d6c7
rc.local fix
2016-11-25 18:25:37 +01:00
Angristan
d3b0ec10e7
Remove UFW and MASQUERADE
...
See 17a9d76ae9
2016-11-25 01:01:10 +01:00
Angristan
17a9d76ae9
Remove ufw and MASQUERADE support
...
Not useful, badly implemented.
2016-11-25 00:59:03 +01:00
Angristan
218e474f85
Add logs
...
Can be useful.
2016-11-24 23:34:15 +01:00
Angristan
2db5ff8adf
Avoid DNS leak on W10
2016-11-24 23:04:24 +01:00
Angristan
98ca79a9de
Move rc.local and sysctl installation after the confirmation
2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6
sysctl fix, again.
2016-11-24 19:37:45 +01:00
TheKinrar
cc657fa459
Fixed rc.local and sysctl.conf files on ArchLinux
2016-11-24 18:07:23 +01:00
Angristan
f9016fb3b5
Add TCP support
2016-11-23 20:22:57 +01:00
TheKinrar
9b261809eb
Automatically enable and start iptables on ArchLinux.
2016-11-22 19:55:17 +01:00
TheKinrar
6e2b5cb439
Added ArchLinux support.
2016-11-21 20:59:00 +01:00
Angristan
80dbca6e63
Add TCP support
...
There is now the choice to use TCP or UDP for OpenVPN protocol. You should always use UDP, but TCP can be useful sometimes : on lossy networks or to bypass some blockage
2016-11-21 19:57:52 +01:00
Angristan
662fe26f5b
I don't know why it wasn't like this from the beginning
2016-11-20 23:09:42 +01:00
Angristan
552709059e
Fix my previous commit
...
My bad.
2016-11-20 22:50:51 +01:00
Angristan
a09ef4868a
The user can choose to continue the installer even if its OS is not supported
...
At its own risk of course. But usefull if using Ubuntu beta or Debian unstable/testing
2016-11-20 22:47:23 +01:00
Angristan
457005d03a
Add old repo
2016-11-20 16:39:36 +01:00
Angristan
cbd57e6416
Add contributors
2016-11-20 16:03:59 +01:00
Angristan
77301f9a9d
Some clarification
2016-11-20 15:29:23 +01:00
Angristan
903270be4b
Remove OpenNIC servers
...
Not consistant and can't really be trusted
2016-11-20 15:01:42 +01:00
Angristan
b0f271bc5f
Specify the location of the DNS servers
2016-11-20 14:52:47 +01:00
Angristan
1e80e145f0
Fix title
2016-11-20 14:23:48 +01:00
Angristan
3f58eb781c
Some cleanup
2016-11-20 14:22:08 +01:00
Angristan
98d7d7a358
Update date and copyright holder
2016-11-20 13:26:50 +01:00
Angristan
5bd85f0035
More explanations regarding the fork
2016-11-15 13:36:24 +01:00
Angristan
dcac2ed01f
Add pics
2016-10-23 12:49:20 +02:00
Angristan
899e3bb55e
Removing Ubuntu 15.10 and adding Ubuntu 16.10
2016-10-20 14:34:45 +02:00
Angristan
7295627e67
Removing support for Ubuntu 15.10
...
Ubuntu 15.10 is not supported anymore since july 2016 : not safe to use it now
2016-10-20 14:33:16 +02:00
Angristan
fce638b552
Add support for Ubuntu 16.10 Yakketi Yak
2016-10-13 22:55:04 +02:00
Angristan
2c9701d477
Better way to enable IP forwarding
...
791c54786c
2016-10-04 17:34:11 +02:00
Angristan
aefb516958
Changed iptables to not lookup hosts
...
56f079289e
2016-10-04 17:31:35 +02:00
Angristan
8db5c665c1
update link
2016-09-29 20:21:37 +02:00
Angristan
e9654ef824
Merge pull request #13 from Kcchouette/patch-1
...
Fix "EASYRSA_KEY_SIZE" x2
2016-09-07 20:16:20 +02:00
Kcchouette
87a191f8a1
Update openvpn-install.sh
2016-09-07 17:41:57 +02:00
Angristan
2ce510aef5
Update README.md
2016-08-20 11:50:02 +02:00
Angristan
78a2c4573e
Update README.md
2016-08-20 10:58:19 +02:00
Angristan
c8eed87ebd
Fix UFW error
2016-08-18 18:52:58 +02:00
Angristan
41a38a1e32
Update README.md
2016-07-28 10:44:16 +02:00
Angristan
66c78333f5
Merge pull request #11 from Super-Baleine/master
...
Loop
2016-07-12 11:18:42 +02:00
Super-Baleine
a14809e7c3
delete read
2016-07-12 11:07:08 +02:00