Commit graph

22 commits

Author SHA1 Message Date
Cyb0rk
cb04be301e
DNS leak fix in server_config.txt
Added fix to prevent DNS leak on Windows 10
2018-03-17 00:45:15 +01:00
justinamcafee
3e042ef6ef
Added OPTIONAL support for duplicate certificates
Previous commits removed the duplicate cn option all together, this adds a comment to inform users of their options/choice.
2018-03-09 12:18:34 -06:00
Piero
4b47b5aa61 2.4 2018-02-15 10:14:03 +01:00
redfast00
c7dfe6283a
Merge pull request #379 from jellemdekker/fix/remove-excess-code
Removed excess code
2017-12-16 22:07:10 +01:00
Jelle Dekker
14b13d3a41 Removed the previously commented-out code. 2017-09-23 19:17:35 -05:00
redfast00
a8deeaf18b Merge pull request #363 from jellemdekker/fix/improve-dh-selection-menu
Improved encryption strength selection menu
2017-09-24 01:16:33 +02:00
redfast00
009e4b3023 Merge pull request #362 from jellemdekker/feature/randomize-server-name
Randomize server Common Name for added security
2017-09-24 01:13:34 +02:00
redfast00
003b27362f Merge pull request #361 from jellemdekker/feature/generate-crl-during-installation
Generate and activate CRL during installation
2017-09-24 01:12:05 +02:00
Jelle Dekker
4e77245a97 Commented out code related to adding a route to the remote subnet (e.g. 192.168.0.0). 2017-09-22 16:03:38 -05:00
Jelle Dekker
a6058a1d14 The client config contains the remote-cert-tls option to check for appropriate key usage, let's do this for the server config too. 2017-09-22 03:30:14 -05:00
Jelle Dekker
30920115b3 Implemented that a Certificate Revocation List is generated during installation after generation of other Public Key Infrastructure. Enabled this CRL in the server config. The added benefit of this is that whenever the user now revokes a client, the change is instant. Whereas before, the first time a client was revoked, the OpenVPN server had to be restarted to enabled the then-newly-generated CRL. This change also makes the file /etc/pivpn/REVOKE_STATUS obsolete.
Documentation: https://openvpn.net/index.php/open-source/documentation/howto.html#revoke
2017-09-22 02:46:52 -05:00
Jelle Dekker
05c6a37152 Removed the duplicate-cn option so every device/connection must use a unique certificate. 2017-09-21 23:06:02 -05:00
Jelle Dekker
97a50c66ef Commented out a number of excess options that were set implicitly by using the 'server' option. 2017-09-21 10:49:45 -05:00
Jelle Dekker
da9e082f43 Changed the default length of the Diffie-Hellman parameters to 2048 bits. This is the default everywhere else, both in documentation as well as menu selections and other scripts in this project. This change has no real impact aside from setting the right example. 2017-09-20 22:42:29 -05:00
Kaladin Light
da5facecbc Add 'pivpn clients' command to show list of connected clients 2016-12-08 11:43:30 -05:00
Kaladin Light
596e6c8277 Phase 3 (of 3?): pivpn modifications for easy-rsa3
This updates pivpn revoke
2016-12-06 11:44:07 -05:00
Kaladin Light
34e6e078e5 Phase 2 (of 3?): server.conf modifications for easy-rsa3 2016-12-04 23:34:08 -05:00
Kaladin Light
6997a0b9a7 Fixes Issue #71:
- Uses network address instead of IP in the push route to avoid warnings
- If a second DNS is not entered, remove second occurence of the dhcp-option DNS
2016-11-09 15:02:40 -05:00
Kaladin Light
1b0b6478b3 Set control channel to TLS 1.2
Debate with myself on adding cipher list.
2016-04-26 10:39:18 -04:00
Kaladin Light
5da2626883 Increase default levels of security 2016-04-23 15:08:14 -04:00
Kaladin Light
719dfef7ae Allow user to set DNS server clients will use 2016-04-20 12:10:06 -04:00
Kaladin Light
53565dd4fe First commit of reworked installer 2016-04-19 14:01:55 -04:00