From e4067949d583aad42590ba2cfd8046322ed58f17 Mon Sep 17 00:00:00 2001
From: Marvin Lehmann
Date: Wed, 18 Jul 2018 23:01:36 +0200
Subject: [PATCH] Use latest DH parameter service API

More information at https://2ton.com.au/safeprimes/
---
 auto_install/install.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/auto_install/install.sh b/auto_install/install.sh
index 78a838f..6023b55 100755
--- a/auto_install/install.sh
+++ b/auto_install/install.sh
@@ -850,7 +850,7 @@ EOF
 if [[ ${useUpdateVars} == false ]]; then
 if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
- if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from a pool of the last 128 generated.\nMore information about this service can be found here: https://2ton.com.au/dhtool/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}); then
+ if ([ "$ENCRYPT" -ge "4096" ] && whiptail --backtitle "Setup OpenVPN" --title "Download Diffie-Hellman Parameters" --yesno --defaultno "Download Diffie-Hellman parameters from a public DH parameter generation service?\n\nGenerating DH parameters for a $ENCRYPT-bit key can take many hours on a Raspberry Pi. You can instead download DH parameters from \"2 Ton Digital\" that are generated at regular intervals as part of a public service. Downloaded DH parameters will be randomly selected from their database.\nMore information about this service can be found here: https://2ton.com.au/safeprimes/\n\nIf you're paranoid, choose 'No' and Diffie-Hellman parameters will be generated on your device." ${r} ${c}); then
 DOWNLOAD_DH_PARAM=true
 else
 DOWNLOAD_DH_PARAM=false
@@ -861,8 +861,7 @@ EOF
 if [[ ${APPLY_TWO_POINT_FOUR} == false ]]; then
 if [ "$ENCRYPT" -ge "4096" ] && [[ ${DOWNLOAD_DH_PARAM} == true ]]; then
 # Downloading parameters
- RANDOM_INDEX=$(( RANDOM % 128 ))
- ${SUDOE} curl "https://2ton.com.au/dhparam/${ENCRYPT}/${RANDOM_INDEX}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem"
+ ${SUDOE} curl "https://2ton.com.au/getprimes/random/dhparam/${ENCRYPT}" -o "/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem"
 else
 # Generate Diffie-Hellman key exchange
 ${SUDOE} ./easyrsa gen-dh
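Review bot: The `curl` call on the added line has no `--fail` and its exit status is never checked, so an HTTP error page or a truncated response from the new endpoint is written straight to `dh${ENCRYPT}.pem` and only surfaces later, when OpenVPN tries to load it. Nothing in this branch verifies that the downloaded file is a well-formed DH parameter set before it is installed. Because the parameters come from a third party, I would validate the file locally with `openssl dhparam -check` and stop on failure (or fall back to local generation, if that fits the rest of the script). The enclosing `if`/`else` starts and ends outside the hunk, so the sketch below covers only the download branch.

```shell
# Downloading parameters
dh_file="/etc/openvpn/easy-rsa/pki/dh${ENCRYPT}.pem"
if ! ${SUDOE} curl --fail --silent --show-error --proto '=https' \
    "https://2ton.com.au/getprimes/random/dhparam/${ENCRYPT}" -o "${dh_file}" ||
   ! ${SUDOE} openssl dhparam -in "${dh_file}" -check -noout; then
  # Never leave an unverified or partial file where OpenVPN would pick it up
  ${SUDOE} rm -f -- "${dh_file}"
  echo "Downloading or validating DH parameters failed" >&2
  exit 1
fi
# … unchanged: else branch that generates the parameters with easyrsa …
```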