From da9e082f431bcb13198bea656b70b6f6ed6add20 Mon Sep 17 00:00:00 2001
From: Jelle Dekker
Date: Wed, 20 Sep 2017 22:42:29 -0500
Subject: [PATCH 1/4] Changed the default length of the Diffie-Hellman parameters to 2048 bits. This is the default everywhere else, both in documentation as well as menu selections and other scripts in this project. This change has no real impact aside from setting the right example.
---
 server_config.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server_config.txt b/server_config.txt
index 70625e7..602dea7 100644
--- a/server_config.txt
+++ b/server_config.txt
@@ -4,7 +4,7 @@ port 1194
 ca /etc/openvpn/easy-rsa/pki/ca.crt
 cert /etc/openvpn/easy-rsa/pki/issued/server.crt
 key /etc/openvpn/easy-rsa/pki/private/server.key
-dh /etc/openvpn/easy-rsa/pki/dh1024.pem
+dh /etc/openvpn/easy-rsa/pki/dh2048.pem
 topology subnet
 server 10.8.0.0 255.255.255.0
 # server and remote endpoints
From 7cf5c19789cd1eae2f52023b0f041be89ee6e47e Mon Sep 17 00:00:00 2001
From: Jelle Dekker
Date: Wed, 20 Sep 2017 23:24:57 -0500
Subject: [PATCH 2/4] Changed the display order of the DH options (default value is still 2048 bits) and added a warning for 1024 bits.
---
 auto_install/install.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 33ca2a4..8460db8 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -802,10 +802,10 @@ confOpenVPN() {
 if [[ ${useUpdateVars} == false ]]; then
 # Ask user for desired level of encryption
 ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \
- "Choose your desired level of encryption (press space to select):\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing or just want to get through it quicker you can use 1024. If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \
- "2048" "Use 2048-bit encryption. Recommended level." ON \
- "1024" "Use 1024-bit encryption. Test level." OFF \
- "4096" "Use 4096-bit encryption. Paranoid level." OFF 3>&1 1>&2 2>&3)
+ "Choose your desired level of encryption (press space to select):\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing, you can use 1024 bit to speed things up but do not use this for normal use! If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \
+ "1024" "Use 1024-bit encryption (testing only)." OFF \
+ "2048" "Use 2048-bit encryption (recommended level)." ON \
+ "4096" "Use 4096-bit encryption (paranoid level)." OFF 3>&1 1>&2 2>&3)
 exitstatus=$?
 if [ $exitstatus != 0 ]; then
From 8910545d909703fc7d5e8c68c1f8b6a9e3848327 Mon Sep 17 00:00:00 2001
From: Jelle Dekker
Date: Fri, 22 Sep 2017 02:17:53 -0500
Subject: [PATCH 3/4] Fixed a couple of typos.
---
 auto_install/install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 8460db8..23122e5 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
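Review bot: The radiolist still lets the installer generate 1024-bit material, and the only guard on the new `"1024"` row is the label "(testing only)", which is easy to click past on a hurried install. The patch series itself describes this menu as the DH options, and 1024-bit Diffie-Hellman (like 1024-bit RSA) is below the strength generally accepted for a production VPN, so a weak choice here would apply to every session the server negotiates. Consider removing the row, or confirming it explicitly after the selection with something like `whiptail --defaultno --yesno "1024-bit is for testing only. Continue?" ${r} ${c}` and returning to the menu on No. The prompt also calls the value an "encryption key" while the commit subjects call it DH options; one sentence stating what the size applies to would help users choose. The same rows recur in the hunks of patches 3 and 4 with only wording changes, and confOpenVPN continues outside this hunk.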
@@ -801,8 +801,8 @@ confOpenVPN() {
 if [[ ${useUpdateVars} == false ]]; then
 # Ask user for desired level of encryption
- ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption Strength" --radiolist \
- "Choose your desired level of encryption (press space to select):\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications it is recommended to use 2048 bit. If you are testing, you can use 1024 bit to speed things up but do not use this for normal use! If you are paranoid about ... things... then grab a cup of joe and pick 4096." ${r} ${c} 3 \
+ ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption strength" --radiolist \
+ "Choose your desired level of encryption (press space to select):\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications, it is recommended to use 2048 bits. If you are testing, you can use 1024 bits to speed things up, but do not use this for normal use! If you are paranoid about ... things... then grab a cup of joe and pick 4096 bits." ${r} ${c} 3 \
 "1024" "Use 1024-bit encryption (testing only)." OFF \
 "2048" "Use 2048-bit encryption (recommended level)." ON \
 "4096" "Use 4096-bit encryption (paranoid level)." OFF 3>&1 1>&2 2>&3)
From c81e793c6ce780b06984168b7db244684ab73c1f Mon Sep 17 00:00:00 2001
From: Jelle Dekker
Date: Sat, 23 Sep 2017 15:16:06 -0500
Subject: [PATCH 4/4] Removed punctuation in list items.
---
 auto_install/install.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/auto_install/install.sh b/auto_install/install.sh
index 23122e5..cb41800 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -803,9 +803,9 @@ confOpenVPN() {
 # Ask user for desired level of encryption
 ENCRYPT=$(whiptail --backtitle "Setup OpenVPN" --title "Encryption strength" --radiolist \
 "Choose your desired level of encryption (press space to select):\n This is an encryption key that will be generated on your system. The larger the key, the more time this will take. For most applications, it is recommended to use 2048 bits. If you are testing, you can use 1024 bits to speed things up, but do not use this for normal use! If you are paranoid about ... things... then grab a cup of joe and pick 4096 bits." ${r} ${c} 3 \
- "1024" "Use 1024-bit encryption (testing only)." OFF \
- "2048" "Use 2048-bit encryption (recommended level)." ON \
- "4096" "Use 4096-bit encryption (paranoid level)." OFF 3>&1 1>&2 2>&3)
+ "1024" "Use 1024-bit encryption (testing only)" OFF \
+ "2048" "Use 2048-bit encryption (recommended level)" ON \
+ "4096" "Use 4096-bit encryption (paranoid level)" OFF 3>&1 1>&2 2>&3)
 exitstatus=$?
 if [ $exitstatus != 0 ]; then