From 515d9428911d7420c7d95c0288583517a000c54f Mon Sep 17 00:00:00 2001
From: "Dylan M. Taylor" <dylan.m.taylor92@gmail.com>
Date: Thu, 30 Apr 2015 16:10:05 -0400
Subject: [PATCH] Significantly increase the number of bits to increase
 cryptography strength

---
 openvpn-install.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index f384ddc..b1f0bad 100755
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -210,7 +210,7 @@ else
 	# Let's fix one thing first...
 	cp -u -p openssl-1.0.0.cnf openssl.cnf
 	# Fuck you NSA - 1024 bits was the default for Debian Wheezy and older
-	sed -i 's|export KEY_SIZE=1024|export KEY_SIZE=2048|' /etc/openvpn/easy-rsa/2.0/vars
+	sed -i 's|export KEY_SIZE=1024|export KEY_SIZE=4096|' /etc/openvpn/easy-rsa/2.0/vars
 	# Create the PKI
 	. /etc/openvpn/easy-rsa/2.0/vars
 	. /etc/openvpn/easy-rsa/2.0/clean-all
@@ -235,10 +235,10 @@ else
 	fi
 	cp server.conf /etc/openvpn/
 	cd /etc/openvpn/easy-rsa/2.0/keys
-	cp ca.crt ca.key dh2048.pem server.crt server.key /etc/openvpn
+	cp ca.crt ca.key dh4096.pem server.crt server.key /etc/openvpn
 	cd /etc/openvpn/
 	# Set the server configuration
-	sed -i 's|dh dh1024.pem|dh dh2048.pem|' server.conf
+	sed -i 's|dh dh1024.pem|dh dh4096.pem|' server.conf
 	sed -i 's|;push "redirect-gateway def1 bypass-dhcp"|push "redirect-gateway def1 bypass-dhcp"|' server.conf
 	sed -i "s|port 1194|port $PORT|" server.conf
 	# DNS