314 Commits

Author SHA1 Message Date
Angristan
a2a3bfc605 Added Yandex Basic DNS resolvers
https://dns.yandex.com/

Nice for Russia.
2017-06-23 14:30:57 +02:00
Angristan
d712e15795 Support OpenSSL 1.1.0 DH generation
Fixes dh.pem gen on Debian 9 and Arch Linux

https://github.com/Angristan/OpenVPN-install/issues/64
https://github.com/Angristan/OpenVPN-install/issues/74

https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#openssl-issues
2017-06-18 21:12:25 +02:00
Angristan
5d40c041dd More proper remove
openvpn-blacklist isn't installed with Debian 9.
2017-06-18 21:07:15 +02:00
Angristan
0bc1e6ea59 Add support for Ubuntu 17.04
2017-05-07 23:59:43 +02:00
Angristan
823ff21fcc Add support for Ubuntu 17.04
2017-05-07 23:56:19 +02:00
DrXala
fa9e5235f9 Close Angristan/OpenVPN-install#46
This patch is for Angristan/OpenVPN-install#46
2017-04-23 12:43:33 +02:00
Angristan
b3f62850e7 Fix broken headings in Markdown files
Merge pull request #53 from bryant1410/master
2017-04-17 14:33:31 +02:00
Santiago Castro
504597fe96 Fix broken Markdown headings
2017-04-16 23:21:39 -03:00
Angristan
b205980053 Use best encryption available
Does not affect speed significantly, if at all.
2017-03-02 23:42:23 +01:00
Angristan
beb9148b6e Merge pull request #40 from Kcchouette/patch-1
Remove the last archlinux part
2017-03-01 18:04:17 +01:00
Angristan
e8554eb35a Updates links
2017-03-01 17:10:33 +01:00
Kcchouette
2a6422057e Remove the last $SYSCTL var
This var was indeed removed with the commit f5ec9f3a17
2017-02-24 10:33:52 +01:00
Kcchouette
135729d0ab Remove the archlinux part
that @Angristan had forgotten
2017-02-23 22:47:40 +01:00
Angristan
f5ec9f3a17 Remove Arch Linux support
Revert PR#2: https://github.com/Angristan/OpenVPN-install/pull/2/files#diff-cda9722285f1718b319bb88e134e9efe

Too much work to do with OpenVPN 2.4 for a distro that is not much used on servers.
2017-02-17 22:54:29 +01:00
Angristan
624774736d Remove RSA key size input
2017-02-16 22:33:12 +01:00
Angristan
5fe4bf62d6 Replace tls-auth with tls-crypt
2017-02-16 22:32:09 +01:00
Angristan
afa0162c4c Use ECDSA cert instead of RSA
2017-02-16 20:27:57 +01:00
Angristan
ed779b9b52 Fix cipher
2017-02-16 19:36:24 +01:00
Angristan
547f689f00 Use secp256k1 curve for ECDH (fix)
I forgot the curve in 23daeca80a
2017-02-16 19:35:50 +01:00
Angristan
935896dbc7 Remove cp for dh
2017-02-16 19:33:07 +01:00
Angristan
64433208d6 Remove DH key size input, remove cipher input
And use AES-128-GCM as the data channel's cipher
2017-02-16 19:10:53 +01:00
Angristan
da947d8ae3 Update repo for Debian and Ubuntu
2017-02-16 19:07:17 +01:00
Angristan
23daeca80a Use secp256k1 curve for ECDH
cf. https://github.com/Angristan/OpenVPN-install/pull/33#issuecomment-280399196
2017-02-16 18:34:33 +01:00
Angristan
56fad22cad Disable DH and enable ECDH
cf. https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage#lbAK
2017-02-16 18:30:40 +01:00
Angristan
fa6cf4e569 Update tls-cipher to use ECDHE and ECDSA
2017-02-16 17:54:08 +01:00
Angristan
06c66a96a7 Correct typo
2017-02-06 14:05:58 +01:00
Angristan
56b755f937 Update AES data channel ciphers
2017-02-06 12:05:01 +01:00
Angristan
adfb8b9a2f Update LICENSE
2016-12-20 15:04:12 +01:00
Angristan
63ed1449de Merge pull request #11 from Seeder101/patch-1 (typo)
Fix typos
2016-12-17 20:01:18 +01:00
Seeder101
89925cbbe8 Update openvpn-install.sh
change sould to should and correct adress to address in line 195
2016-12-11 16:03:40 +03:00
Seeder101
e548a61dcc Update openvpn-install.sh
change sould to should
2016-12-11 15:58:06 +03:00
Angristan
316ecfe7f4 Use SHA-256 instead of SHA-384
Following 693bd13fa7
2016-12-11 12:11:11 +01:00
Angristan
693bd13fa7 Use SHA-256 instead of SHA-384
Thanks to David_5.1 (https://angristan.fr/mise-a-jour-de-mon-script-openvpn/#comment-2750) who pointed out that there was a mistake on the Wikipedia page of the Length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack), and it was affecting all the SHA2 family, not just SHA256. It's a theoretical attack though. I didn't find any reason to use one member of the SHA2 family more than another, so I switched to SHA-256 for now.
2016-12-11 12:07:50 +01:00
Angristan
7f6a007637 Add source for the crypto update 🔐
2016-12-04 19:00:26 +01:00
Angristan
98a0dbf26d Fix typo of the crypto update 🔐
Thanks to https://twitter.com/TiCubius/status/805468611875897344
2016-12-04 18:49:08 +01:00
Angristan
da64aa8df8 The crypto update 🔐 + improvements
Following this commit: 56477bba34

I wanted to improve the readability of the Readme, and also explain myself regarding the encryption parameters I have chosen in the script.

I took hours to write and add the sources, so I may have made some mistakes. I'll gladly accept any feedback ^^
2016-12-04 18:24:38 +01:00
Angristan
7a5bb93cbe AES-256 is not necessarily the most secure cipher
Indeed, it is most vulnerable to Timing Attacks: https://en.wikipedia.org/wiki/Length_extension_attack

Also, AES 128 is secure enough for everyone, so it's still the recommended cipher.
2016-12-04 17:21:41 +01:00
Angristan
56477bba34 The crypto update 🔐
- Removed "fast" and "slow" mode (not a good idea, I prefer to give the choice for the parameters directly)
- Corrected some confusion between the cipher for the data channel and the control channel, my bad.
- using TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 by default for the control channel
- using SHA384 by default for HMAC auth and RSA certificate
- giving the choice for the cipher of the data channel, the size of the DH key and the RSA Key

I will explain all my choices here: https://github.com/Angristan/OpenVPN-install#encryption (likely tomorrow)
2016-11-28 22:13:32 +01:00
Angristan
c03a55f11f Making sure a correct DNS option is selected
2016-11-27 14:31:25 +01:00
Angristan
421d69e92d Arch Linux + other changes
2016-11-26 17:20:56 +01:00
TheKinrar
50f39963e6 Merge branch 'TheKinrar-master'
2016-11-26 16:13:23 +01:00
TheKinrar
f76db9f589 Merge branch 'master' of https://github.com/TheKinrar/OpenVPN-install into TheKinrar-master
2016-11-26 16:13:02 +01:00
TheKinrar
c659a47dd4 Add ArchLinux to README
2016-11-26 16:03:37 +01:00
TheKinrar
f3ff29d6c7 rc.local fix
2016-11-25 18:25:37 +01:00
Angristan
d3b0ec10e7 Remove UFW and MASQUERADE
See 17a9d76ae9
2016-11-25 01:01:10 +01:00
Angristan
17a9d76ae9 Remove ufw and MASQUERADE support
Not useful, badly implemented.
2016-11-25 00:59:03 +01:00
Angristan
218e474f85 Add logs
Can be useful.
2016-11-24 23:34:15 +01:00
Angristan
2db5ff8adf Avoid DNS leak on W10
2016-11-24 23:04:24 +01:00
Angristan
98ca79a9de Move rc.local and sysctl installation after the confirmation
2016-11-24 20:28:49 +01:00
TheKinrar
358e80b5a6 sysctl fix, again.
2016-11-24 19:37:45 +01:00