mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-20 03:40:17 +00:00
Increase default levels of security
This commit is contained in:
Kaladin Light
parent
fa60d29aa3
commit
5da2626883
2 changed files with 5 additions and 5 deletions
|
|
@ -6,10 +6,8 @@ resolv-retry infinite
|
||||||
nobind
|
nobind
|
||||||
persist-key
|
persist-key
|
||||||
persist-tun
|
persist-tun
|
||||||
mute-replay-warnings
|
|
||||||
ns-cert-type server
|
|
||||||
key-direction 1
|
key-direction 1
|
||||||
cipher AES-128-CBC
|
cipher AES-256-CBC
|
||||||
|
auth SHA256
|
||||||
comp-lzo
|
comp-lzo
|
||||||
verb 1
|
verb 1
|
||||||
mute 20
|
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ push "route 10.8.0.0 255.255.255.0"
|
||||||
push "route LOCALIP 255.255.255.0"
|
push "route LOCALIP 255.255.255.0"
|
||||||
# Set your primary domain name server address for clients
|
# Set your primary domain name server address for clients
|
||||||
push "dhcp-option DNS 8.8.8.8"
|
push "dhcp-option DNS 8.8.8.8"
|
||||||
|
push "dhcp-option DNS 8.8.4.4"
|
||||||
# Override the Client default gateway by using 0.0.0.0/1 and
|
# Override the Client default gateway by using 0.0.0.0/1 and
|
||||||
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
|
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
|
||||||
# overriding but not wiping out the original default gateway.
|
# overriding but not wiping out the original default gateway.
|
||||||
|
|
@ -24,7 +25,8 @@ client-to-client
|
||||||
duplicate-cn
|
duplicate-cn
|
||||||
keepalive 10 120
|
keepalive 10 120
|
||||||
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
|
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
|
||||||
cipher AES-128-CBC
|
cipher AES-256-CBC
|
||||||
|
auth SHA256
|
||||||
comp-lzo
|
comp-lzo
|
||||||
user nobody
|
user nobody
|
||||||
group nogroup
|
group nogroup
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue