1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 14:06:07 +03:00
openvpn-install/README.md

74 lines
2.5 KiB
Markdown
Raw Normal View History

2013-05-14 16:04:19 +04:00
##openvpn-install
2015-02-11 21:51:19 +03:00
OpenVPN [road warrior](http://en.wikipedia.org/wiki/Road_warrior_%28computing%29) installer for Debian, Ubuntu and CentOS.
2013-05-14 16:04:19 +04:00
2015-02-11 21:51:19 +03:00
This script will let you setup your own VPN server in no more than a minute, even if you haven't used OpenVPN before. It isn't bulletproof but has been designed to be as unobtrusive and universal as possible.
2013-05-14 16:04:19 +04:00
2016-03-13 17:41:05 +03:00
##Fork
2016-03-09 01:16:52 +03:00
This fork includes :
2016-03-19 19:38:34 +03:00
- No logs
2016-03-21 20:36:08 +03:00
- No comp-lzo [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575)
2016-03-19 19:38:34 +03:00
- Better encryption (see below)
2016-03-09 01:16:52 +03:00
- TLS 1.2 only
2016-03-19 19:38:34 +03:00
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
2016-03-09 01:51:02 +03:00
- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/)
2016-03-19 19:38:34 +03:00
- Nearest [OpenNIC DNS Servers](https://www.opennicproject.org/)
- Up-to-date OpenVPN (2.3.10) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)
2016-03-09 18:46:56 +03:00
- Every feature of the [original script](https://github.com/Nyr/openvpn-install) (I check periodically to sync the latest commits from source)
2016-03-09 01:16:52 +03:00
2016-03-19 19:38:34 +03:00
## Variants
2016-03-13 17:41:05 +03:00
2016-03-19 19:38:34 +03:00
When you lauch the script you will be asked to choose a mode. Both will work the same way, but *slow* has higher encryption settings, so it may slow down your connection and take more time to install.
2016-03-15 23:36:05 +03:00
2016-03-19 19:38:34 +03:00
If you're just using your VPN at home, you may choose "fast". But if you're often using public Wi-Fi or traveling a lot, you choose use *slow*.
2016-03-15 23:36:05 +03:00
2016-03-19 19:38:34 +03:00
FYI, "fast" is still more secured than default OpenVPN settings.
2016-03-15 23:36:05 +03:00
2016-03-19 19:38:34 +03:00
### Slow (high encryption)
Features :
- 4096 bits RSA private key
- 4096 bits Diffie-Hellman key
- 256 bits AES-GCM
- SHA-384 RSA certificate
2016-03-13 17:41:05 +03:00
2016-03-19 19:38:34 +03:00
### Fast (lower encryption)
Features :
- 2048 bits RSA private key
- 2048 bits Diffie-Hellman key
- 128 bits AES-GCM
- SHA-256 RSA certificate
2016-03-13 17:41:05 +03:00
2016-03-19 19:38:34 +03:00
## Compatibility
2016-03-13 17:53:09 +03:00
2016-03-19 19:38:34 +03:00
The script is made to work on these OS :
- Debian 7
2016-03-13 17:41:05 +03:00
- Debian 8
2016-03-19 19:38:34 +03:00
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
2016-03-13 17:41:05 +03:00
- Ubuntu 15.10
2016-03-14 23:20:03 +03:00
- CentOS 6
- CentOS 7
2016-03-13 17:41:05 +03:00
2016-03-19 19:38:34 +03:00
Each one has been test by myself.
2016-03-13 17:53:09 +03:00
2016-03-19 19:38:34 +03:00
##Installation
2016-03-13 17:53:09 +03:00
2016-03-19 19:38:34 +03:00
Run the script and follow the assistant:
2016-03-13 17:41:05 +03:00
2016-03-19 19:38:34 +03:00
```
2016-04-03 19:55:58 +03:00
wget --no-check-certificate https://bit.ly/ovpn-install -O openvpn-install.sh
2016-03-19 19:38:34 +03:00
chmod +x openvpn-install.sh
./openvpn-install.sh
```
2016-03-15 23:37:58 +03:00
2016-03-19 19:38:34 +03:00
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
2016-03-13 17:41:05 +03:00
2016-01-01 15:53:28 +03:00
2016-03-27 03:27:47 +03:00
You can get a cheap VPS for 2€/month at [PulseHeberg](http://manager.pulseheberg.com/aff.php?aff=1204
).
2016-01-01 15:53:28 +03:00
## Licence
2016-03-13 17:41:05 +03:00
Based on the work of [Nyr](https://github.com/Nyr/openvpn-install)
2016-01-01 15:53:46 +03:00
[MIT Licence](https://raw.githubusercontent.com/Angristan/openvpn-install-nyr/master/LICENSE)