Angristan
ea114e1a0d
Merge pull request #79 from jackdwyer/fix-cipher-option
...
Fixes last case statement for SEED-CBC
2017-07-03 20:17:38 +02:00
jackdwyer
d1f665c458
fixes last case statement for SEED-CBC
2017-07-03 14:14:39 -04:00
Angristan
2584de5d85
Caps are important
2017-06-26 03:11:59 +02:00
Angristan
f4f8d08067
Add support for Debian 9 Stretch and architectures details
...
I figured it would be useful to add architectures to the list, especially considering the rise of ARM servers.
2017-06-26 03:02:16 +02:00
Angristan
cd01329585
Add support for Debian 9 Stretch
2017-06-26 02:41:40 +02:00
Angristan
e185698445
Use current system resolvers as default
...
That makes more sense that putting French servers.
What is in /etc/resolv.conf is not always good, but most of the time it's the hoster's or something nearby. Thus it makes more sense for the user to use them by default.
2017-06-26 02:37:41 +02:00
Angristan
6800ef35f7
Typo
...
It's late.
2017-06-26 02:20:38 +02:00
Angristan
19fe6626f1
Implements OpenVPN 2.4 changes for Arch Linux (kind of)
...
Since OpenVPN 2.4 is out on Arch, the script wasn't working completely because of this : https://www.archlinux.org/news/openvpn-240-update-requires-administrative-interaction/
There is a new path for OpenVPN server config. This is just needed on Arch for now, and you're probably not going to run an OpenVPN client on an OpenVPN server.
Thus I modified the systemd script to use `/etc/openvpn/` and `server.conf` instead of the new `/etc/openvpn/server/` and `openvpn.conf`.
By using the same paths as the other distros, I avoid to rewrite the entire script to change the paths...
It's not 100% clean, but it works pretty well. If you have any objection please leave a comment.
Also, I updated the new service name.
As far as I tested, it's working fine on Arch Linux for now.
Fixes #63 and #61
2017-06-26 02:17:14 +02:00
Angristan
ac203dd5ee
Fix iptables rules on reboot for some OS
...
Thanks a lot to Nyr for the fix : a31aaf82f3https://github.com/Angristan/OpenVPN-install/issues/6 .
On Ubuntu 17.04, 16.10 and Debian 9, the iptables rules were not applied because of rc.local
2017-06-25 22:01:05 +02:00
Angristan
10351305e3
Google Compute Engine support
...
Merge pull request #57 and close issue #46
2017-06-25 20:21:36 +02:00
Angristan
8c66c8e684
Fix client revocation
...
A client revocation would make crl.pem unreadable and thus blocking any other client to connect.
Fixes https://github.com/Angristan/OpenVPN-install/pull/47 , https://github.com/Angristan/OpenVPN-install/issues/25 and https://github.com/Angristan/OpenVPN-install/issues/49 .
2017-06-25 19:58:41 +02:00
Kenneth Zhao
d74318562d
adding support for debian 9 stretch
2017-06-25 09:38:52 -07:00
Angristan
ec41b64b15
Added Yandex Basic DNS resolvers
...
Nice speed for Russia
2017-06-23 14:32:16 +02:00
Angristan
a2a3bfc605
Added Yandex Basic DNS resolvers
...
https://dns.yandex.com/
Nice for Russia.
2017-06-23 14:30:57 +02:00
Angristan
d712e15795
Support OpenSSL 1.1.0 DH generation
...
Fixes dh.pem gen on Debian 9 and Arch Linux
https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd
More proper remove
...
openvpn-blacklist isn't installed with Debian 9.
2017-06-18 21:07:15 +02:00
Angristan
0bc1e6ea59
Add support for Ubuntu 17.04
2017-05-07 23:59:43 +02:00
Angristan
823ff21fcc
Add support for Ubuntu 17.04
2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9
Close Angristan/OpenVPN-install#46
...
This patch is for Angristan/OpenVPN-install#46
2017-04-23 12:43:33 +02:00
Angristan
b3f62850e7
Fix broken headings in Markdown files
...
Merge pull request #53 from bryant1410/master
2017-04-17 14:33:31 +02:00
Santiago Castro
504597fe96
Fix broken Markdown headings
2017-04-16 23:21:39 -03:00
Angristan
e8554eb35a
Updates links
2017-03-01 17:10:33 +01:00
Angristan
06c66a96a7
Correct typo
2017-02-06 14:05:58 +01:00
Angristan
adfb8b9a2f
Update LICENSE
2016-12-20 15:04:12 +01:00
Angristan
63ed1449de
Merge pull request #11 from Seeder101/patch-1 (typo)
...
Fix typos
2016-12-17 20:01:18 +01:00
Seeder101
89925cbbe8
Update openvpn-install.sh
...
change sould to should and correct adress to address in line 195
2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc
Update openvpn-install.sh
...
change sould to should
2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4
Use SHA-256 instead of SHA-384
...
Following 693bd13fa7
2016-12-11 12:11:11 +01:00
Angristan
693bd13fa7
Use SHA-256 instead of SHA-384
...
Thanks to David_5.1 (https://angristan.fr/mise-a-jour-de-mon-script-openvpn/#comment-2750 ) who pointed out that there was a mistake on the Wikipédia page of the Length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack ), and it was affecting all the SHA2 family, not just SHA256. It's a theoretical attack though. I didn't find any reason to use one member of the SHA2 family more than an other, so I switched to SHA-256 for now.
2016-12-11 12:07:50 +01:00
Angristan
7f6a007637
Add source for the crypto update 🔐
2016-12-04 19:00:26 +01:00
Angristan
98a0dbf26d
Fix typo of the crypto update 🔐
...
Thanks to https://twitter.com/TiCubius/status/805468611875897344
2016-12-04 18:49:08 +01:00
Angristan
da64aa8df8
The crypto update 🔐 + improvements
...
Following this commit : 56477bba34
2016-12-04 18:24:38 +01:00
Angristan
7a5bb93cbe
AES-256 is not necessarily the most secure cipher
...
Indeed, it it most vulnerable to Timing Attacks : https://en.wikipedia.org/wiki/Length_extension_attack
Also, AES 128 is secure enough for every one, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
Angristan
56477bba34
The crypto update 🔐
...
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key
I will explain all my choices here : https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f
Making sure a correct DNS option is selected
2016-11-27 14:31:25 +01:00
Angristan
421d69e92d
Arch Linux + other changes
2016-11-26 17:20:56 +01:00
TheKinrar
50f39963e6
Merge branch 'TheKinrar-master'
2016-11-26 16:13:23 +01:00
TheKinrar
f76db9f589
Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master
2016-11-26 16:13:02 +01:00
TheKinrar
c659a47dd4
Add ArchLinux to README
2016-11-26 16:03:37 +01:00
TheKinrar
f3ff29d6c7
rc.local fix
2016-11-25 18:25:37 +01:00
Angristan
d3b0ec10e7
Remove UFW and MASQUERADE
...
See 17a9d76ae9
2016-11-25 01:01:10 +01:00
Angristan
17a9d76ae9
Remove ufw and MASQUERADE support
...
Not useful, badly implemented.
2016-11-25 00:59:03 +01:00
Angristan
218e474f85
Add logs
...
Can be useful.
2016-11-24 23:34:15 +01:00
Angristan
2db5ff8adf
Avoid DNS leak on W10
2016-11-24 23:04:24 +01:00
Angristan
98ca79a9de
Move rc.local and sysctl installation after the confirmation
2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6
sysctl fix, again.
2016-11-24 19:37:45 +01:00
TheKinrar
cc657fa459
Fixed rc.local and sysctl.conf files on ArchLinux
2016-11-24 18:07:23 +01:00
Angristan
f9016fb3b5
Add TCP support
2016-11-23 20:22:57 +01:00
TheKinrar
9b261809eb
Automatically enable and start iptables on ArchLinux.
2016-11-22 19:55:17 +01:00
TheKinrar
6e2b5cb439
Added ArchLinux support.
2016-11-21 20:59:00 +01:00
