From 28a242713be50147be0a97a710381740cf91f188 Mon Sep 17 00:00:00 2001
From: Kilian von Pflugk
Date: Wed, 31 Aug 2016 11:23:10 +0200
Subject: [PATCH] harden script
---
 openvpn-install.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 1e24c9a..d632280 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -276,7 +276,10 @@ ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
 ;;
 esac
 echo "keepalive 10 120
-cipher AES-128-CBC
+cipher AES-256-CBC
+auth SHA512
+tls-version-min 1.2
+tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
 comp-lzo
 user nobody
 group $GROUPNAME
@@ -375,8 +378,11 @@ nobind
 persist-key
 persist-tun
 remote-cert-tls server
-cipher AES-128-CBC
+cipher AES-256-CBC
+auth SHA512
 comp-lzo
+tls-version-min 1.2
+tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
 setenv opt block-outside-dns
 key-direction 1
 verb 3" > /etc/openvpn/client-common.txt
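Review bot: The added `tls-version-min 1.2` and the single-suite `tls-cipher` line are written into server.conf unconditionally, and nothing visible in this hunk checks that the installed OpenVPN and its TLS library accept them. As far as I know `tls-version-min` only exists from OpenVPN 2.3.3 on, and a peer without ECDHE support has no suite in common with `TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384`, so the result is a daemon that will not start or a handshake that never completes; this fails closed, but it is an availability regression on older distributions. I would either gate the lines on the output of `openvpn --version` / `openvpn --show-tls`, or list a second AEAD suite, `tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384`. The same two lines are added to client-common.txt in the second hunk and should change with them; the echo string continues past the end of this hunk.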
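Review bot: `cipher`, `auth`, `tls-version-min` and `tls-cipher` are now spelled out as literals in both server.conf and client-common.txt, and in this hunk they sit in a different order (with `comp-lzo` between `auth` and `tls-version-min`) than in the server block. `cipher` and `auth` have to be identical on both peers, so a later edit to only one block yields client profiles that cannot connect. The server block already expands `$GROUPNAME` inside its double-quoted string, so the values could be set once near the top of the script, e.g. `CIPHER=AES-256-CBC` and `AUTH=SHA512`, and written as `cipher $CIPHER` / `auth $AUTH` in both places. The echo string edited here starts before the hunk, so its opening quote is not visible.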