Merge pull request #498 from Zeik0s/master

AES Encryption instead of 3DES

README.md

@@ -90,7 +90,7 @@ one for your new phone.  Or even if you suspect that a cert may have been compro
 just revoke it and generate a new one.
 
 "pivpn list"
-If you add more than a few clients, this gives you a nice list of thier names and whether their certificate
+If you add more than a few clients, this gives you a nice list of their names and whether their certificate
 is still valid or has been revoked.  Great way to keep track of what you did with 'pivpn add' and 'pivpn revoke'.
 
 You can run just 'pivpn' to see all the options.

auto_install/install.sh

@@ -695,6 +695,7 @@ setClientDNS() {
             Level3 "" off
             DNS.WATCH "" off
             Norton "" off
+	    FamilyShield "" off
             Custom "" off)
 
     if DNSchoices=$("${DNSChoseCmd[@]}" "${DNSChooseOptions[@]}" 2>&1 >/dev/tty)
@@ -734,6 +735,13 @@ setClientDNS() {
             $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
             $SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
             ;;
+	FamilyShield)
+            echo "::: Using FamilyShield servers."
+            OVPNDNS1="208.67.222.123"
+            OVPNDNS2="208.67.220.123"
+            $SUDO sed -i '0,/\(dhcp-option DNS \)/ s/\(dhcp-option DNS \).*/\1'${OVPNDNS1}'\"/' /etc/openvpn/server.conf
+            $SUDO sed -i '0,/\(dhcp-option DNS \)/! s/\(dhcp-option DNS \).*/\1'${OVPNDNS2}'\"/' /etc/openvpn/server.conf
+            ;;
         Custom)
             until [[ $DNSSettingsCorrect = True ]]
             do

scripts/makeOVPN.sh

@@ -121,11 +121,11 @@ function keyPASS() {
     expect eof
 EOF
 
-    #Convert key to des3
+    #Convert key to aes128
     KEY_FILE="pki/private/${NAME}${KEY}"
     expect << EOF
     set timeout -1
-    spawn openssl rsa -in ${KEY_FILE} -des3 -out ${KEY_FILE}
+    spawn openssl rsa -in ${KEY_FILE} -aes128 -out ${KEY_FILE}
     expect "Enter pass phrase" { send "${PASSWD}\r" }
     expect "Enter PEM pass phrase" { send "${PASSWD}\r" }
     expect "Verifying - Enter PEM pass phrase" { send "${PASSWD}\r" }
@@ -141,8 +141,8 @@ if [ -z "${NAME}" ]; then
     read -r NAME
 fi
 
-if [[ "${NAME}" =~ [^a-zA-Z0-9] ]]; then
+if [[ "${NAME}" =~ [^a-zA-Z0-9\-] ]]; then
-    echo "Name can only contain alphanumeric characters."
+    echo "Name can only contain alphanumeric characters and dashes (-)."
     exit 1
 fi
 

server_config.txt

@@ -10,6 +10,8 @@ server 10.8.0.0 255.255.255.0
 # Set your primary domain name server address for clients
 push "dhcp-option DNS 8.8.8.8"
 push "dhcp-option DNS 8.8.4.4"
+# Prevent DNS leaks on Windows
+push "block-outside-dns"
 # Override the Client default gateway by using 0.0.0.0/1 and
 # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
 # overriding but not wiping out the original default gateway.
@@ -31,4 +33,7 @@ status /var/log/openvpn-status.log 20
 status-version 3
 syslog
 verb 3
+#DuplicateCNs allow access control on a less-granular, per user basis.
+#Remove # if you will manage access by user instead of device. 
+#duplicate-cn
 # Generated for use by PiVPN.io