From b5072b3e5946d6b2c74695ebfcd1b0f52065937d Mon Sep 17 00:00:00 2001
From: Birkhoff <23278129+birkhoffcheng@users.noreply.github.com>
Date: Sun, 8 Jul 2018 16:22:47 -0400
Subject: [PATCH] Customizable cipher mode
---
 openvpn-install.sh | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 87e7768..89fc202 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -168,7 +168,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 done
 else
 clear
- echo 'Welcome to this OpenVPN "road warrior" installer!'
+ echo 'Welcome to this OpenVPN installer!'
 echo
 # OpenVPN setup and first user creation
 echo "I need to ask you a few questions before starting the setup."
@@ -202,6 +202,19 @@ else
 echo "What port do you want OpenVPN listening to?"
 read -p "Port: " -e -i 1194 PORT
 echo
+ echo "Which cipher mode do you want to use?"
+ echo " 1) AES-256-GCM (provides authenticated encryption)"
+ echo " 2) AES-256-CBC (compatible with versions of OpenVPN older than 2.4)"
+ read -p "Cipher Mode [1-2]" -e -i 1 CIPHERCHOICE
+ case $CIPHERCHOICE in
+ 1)
+ CIPHER=AES-256-GCM
+ ;;
+ 2)
+ CIPHER=AES-256-CBC
+ ;;
+ esac
+ echo
 echo "Which DNS do you want to use with the VPN?"
 echo " 1) Current system resolvers"
 echo " 2) 1.1.1.1"
@@ -296,7 +309,7 @@ ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
 ;;
 esac
 echo "keepalive 10 120
-cipher AES-256-GCM
+cipher $CIPHER
 comp-lzo
 user nobody
 group $GROUPNAME
@@ -385,7 +398,7 @@ persist-key
 persist-tun
 remote-cert-tls server
 auth SHA512
-cipher AES-256-GCM
+cipher $CIPHER
 comp-lzo
 setenv opt block-outside-dns
 key-direction 1
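Review bot: The `case $CIPHERCHOICE in` block added in the second hunk has no default branch, so any answer other than 1 or 2 (including an emptied prompt) leaves `CIPHER` unset, or set to whatever the caller's environment already exported. The `cipher $CIPHER` lines in the third and fourth hunks would then write an empty or unintended cipher directive into both the server config and the client template. Add a fallback such as `*) CIPHER=AES-256-GCM ;;`, or re-prompt until the answer matches `[1-2]`. The prompt string `"Cipher Mode [1-2]"` also lacks the trailing `: ` used by `"Port: "`, and `read` would be safer with `-r`.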
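Review bot: The server-side `cipher $CIPHER` line in the third hunk would benefit from a comment on what the choice actually controls. As far as I know, OpenVPN 2.4 and later negotiate the data-channel cipher between peers by default, so choosing AES-256-CBC here likely only affects pre-2.4 clients, and its integrity protection then rests on an HMAC such as the `auth SHA512` line visible in the client template in the fourth hunk. I would add a note above the new prompt, for example `# cipher is the fallback for peers without cipher negotiation (pre-2.4)`. The echo that writes this config starts inside the hunk and ends outside it, so a shell comment cannot sit next to the directive itself.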