Cyb0rk
cb04be301e
DNS leak fix in server_config.txt
...
Added fix to prevent DNS leak on Windows 10
2018-03-17 00:45:15 +01:00
justinamcafee
3e042ef6ef
Added OPTIONAL support for duplicate certificates
...
Previous commits removed the duplicate cn option all together, this adds a comment to inform users of their options/choice.
2018-03-09 12:18:34 -06:00
Piero
4b47b5aa61
2.4
2018-02-15 10:14:03 +01:00
redfast00
c7dfe6283a
Merge pull request #379 from jellemdekker/fix/remove-excess-code
...
Removed excess code
2017-12-16 22:07:10 +01:00
Jelle Dekker
14b13d3a41
Removed the previously commented-out code.
2017-09-23 19:17:35 -05:00
redfast00
a8deeaf18b
Merge pull request #363 from jellemdekker/fix/improve-dh-selection-menu
...
Improved encryption strength selection menu
2017-09-24 01:16:33 +02:00
redfast00
009e4b3023
Merge pull request #362 from jellemdekker/feature/randomize-server-name
...
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f
Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
...
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
4e77245a97
Commented out code related to adding a route to the remote subnet (e.g. 192.168.0.0).
2017-09-22 16:03:38 -05:00
Jelle Dekker
a6058a1d14
The client config contains the remote-cert-tls option to check for appropriate key usage, let's do this for the server config too.
2017-09-22 03:30:14 -05:00
Jelle Dekker
30920115b3
Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
...
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
05c6a37152
Removed the duplicate-cn option so every device/connection must use a unique certificate.
2017-09-21 23:06:02 -05:00
Jelle Dekker
97a50c66ef
Commented out a number of excess options that were set implicitly by using the 'server' option.
2017-09-21 10:49:45 -05:00
Jelle Dekker
da9e082f43
Changed the default length of the Diffie-Hellman parameters to 2048 bits. This is the default everywhere else, both in documentation as well as menu selections and other scripts in this project. This change has no real impact aside from setting the right example.
2017-09-20 22:42:29 -05:00
Kaladin Light
da5facecbc
Add 'pivpn clients' command to show list of connected clients
2016-12-08 11:43:30 -05:00
Kaladin Light
596e6c8277
Phase 3 (of 3?): pivpn modifications for easy-rsa3
...
This updates pivpn revoke
2016-12-06 11:44:07 -05:00
Kaladin Light
34e6e078e5
Phase 2 (of 3?): server.conf modifications for easy-rsa3
2016-12-04 23:34:08 -05:00
Kaladin Light
6997a0b9a7
Fixes Issue #71 :
...
- Uses network address instead of IP in the push route to avoid warnings
- If a second DNS is not entered, remove second occurence of the dhcp-option DNS
2016-11-09 15:02:40 -05:00
Kaladin Light
1b0b6478b3
Set control channel to TLS 1.2
...
Debate with myself on adding cipher list.
2016-04-26 10:39:18 -04:00
Kaladin Light
5da2626883
Increase default levels of security
2016-04-23 15:08:14 -04:00
Kaladin Light
719dfef7ae
Allow user to set DNS server clients will use
2016-04-20 12:10:06 -04:00
Kaladin Light
53565dd4fe
First commit of reworked installer
2016-04-19 14:01:55 -04:00