mirror of
https://github.com/hwdsl2/openvpn-install.git
synced 2024-06-08 06:05:36 +02:00
Improve VPN ciphers
- Switch to the faster AES-128-GCM cipher and SHA256. Thanks @do02fw for the suggestion in #12.
This commit is contained in:
parent
cf856186cd
commit
c3eb5b8344
|
@ -650,7 +650,7 @@ ca ca.crt
|
|||
cert server.crt
|
||||
key server.key
|
||||
dh dh.pem
|
||||
auth SHA512
|
||||
auth SHA256
|
||||
tls-crypt tc.key
|
||||
topology subnet
|
||||
server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
|
||||
|
@ -706,7 +706,7 @@ server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
|
|||
esac
|
||||
echo 'push "block-outside-dns"' >> /etc/openvpn/server/server.conf
|
||||
echo "keepalive 10 120
|
||||
cipher AES-256-CBC
|
||||
cipher AES-128-GCM
|
||||
user nobody
|
||||
group $group_name
|
||||
persist-key
|
||||
|
@ -806,8 +806,8 @@ nobind
|
|||
persist-key
|
||||
persist-tun
|
||||
remote-cert-tls server
|
||||
auth SHA512
|
||||
cipher AES-256-CBC
|
||||
auth SHA256
|
||||
cipher AES-128-GCM
|
||||
ignore-unknown-option block-outside-dns
|
||||
verb 3" > /etc/openvpn/server/client-common.txt
|
||||
# Enable and start the OpenVPN service
|
||||
|
|
Loading…
Reference in New Issue
Block a user