1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-12-01 01:16:05 +03:00

The BIG update

This commit is contained in:
Angristan 2016-03-19 17:38:34 +01:00
parent 0667668937
commit 25448611c2

View File

@ -5,14 +5,50 @@ This script will let you setup your own VPN server in no more than a minute, eve
##Fork
This fork includes :
- no logs
- No logs
- Better encryption (see below)
- TLS 1.2 only
- AES-128-GCM encryption (instead of BF-CBC)
- Legacy version for less hardened encryption
- 4096 bits DH (instead of 2048 bits)
- AES-256-CBC and SHA-512 for HMAC (instead of BF-128-CBC and SHA1)
- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/)
- Nearest [OpenNIC DNS Servers](https://www.opennicproject.org/)
- Up-to-date OpenVPN (2.3.10) thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos)
- Every feature of the [original script](https://github.com/Nyr/openvpn-install) (I check periodically to sync the latest commits from source)
## Variants
When you lauch the script you will be asked to choose a mode. Both will work the same way, but *slow* has higher encryption settings, so it may slow down your connection and take more time to install.
If you're just using your VPN at home, you may choose "fast". But if you're often using public Wi-Fi or traveling a lot, you choose use *slow*.
FYI, "fast" is still more secured than default OpenVPN settings.
### Slow (high encryption)
Features :
- 4096 bits RSA private key
- 4096 bits Diffie-Hellman key
- 256 bits AES-GCM
- SHA-384 RSA certificate
### Fast (lower encryption)
Features :
- 2048 bits RSA private key
- 2048 bits Diffie-Hellman key
- 128 bits AES-GCM
- SHA-256 RSA certificate
## Compatibility
The script is made to work on these OS :
- Debian 7
- Debian 8
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 15.10
- CentOS 6
- CentOS 7
Each one has been test by myself.
##Installation
Run the script and follow the assistant:
@ -25,41 +61,6 @@ chmod +x openvpn-install.sh
Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.
##Variants
When you will launch the script, you will be asked to choose the variant of the script you want to use.
To check your OpenVPN version, use `openvpn --version`
If your server **and** your client have OpenVPN 2.3.3 or higher, use *latest*. If your server **or** your client have OpenVPN 2.3.2 or lower, use *legacy*.
I made two versions to make sure you can get the best encryption possible, but also to support most devices as possible.
###Latest (OpenVPN > 2.3.3)
It will work for :
- Debian 8
- Ubuntu 15.10
- CentOS 6
- CentOS 7
- All recent clients with OpenVPN 2.3.3 or higher
###Legacy (OpenVPN < 2.3.2)
It's the same script as *latest*, but with TLS 1.0 instead of TLS 1.2 and AES-256-CBC instead of AES-128-GCM. (OpenVPN 2.3.2 and lower doesn't support `tls-min` and `tls-cipher`)
Other features are still included.
The following Operating Systems are only supported by the *legacy* variant :
- Debian 7
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 15.04
- All older clients with OpenVPN 2.3.2 or lower (it *could* be NAS devices, routers, etc)
If your server and/or your client does not support OpenVPN 2.3.3 or higher, you should use *legacy*.
You can get a high speed VPS in 14 locations around the world at [Vultr](http://www.vultr.com/?ref=6879746). (Sign up for 5$ free credit !)