From e80428aa3fe3ca2c9adebd4a5416f74dd7415ab0 Mon Sep 17 00:00:00 2001 From: James Upjohn Date: Wed, 3 Jan 2018 13:14:20 +1300 Subject: [PATCH 01/18] Added compatibility note for Arch arm64 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53ca0d2..be3ef69 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ The script is made to work on these OS and architectures : - **Fedora 27** (amd64) - **CentOS 6** (i386, amd64) - **CentOS 7** (i386, amd64, arm64) -- **Arch Linux** (i686, amd64) +- **Arch Linux** (i686, amd64, arm64) (It should also work on Debian unstable/testing and Ubuntu beta). From 16403a1721040783f2aaccc098a2dc0ec449d180 Mon Sep 17 00:00:00 2001 From: Angristan Date: Mon, 8 Jan 2018 18:40:18 +0100 Subject: [PATCH 02/18] Fix image link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 53ca0d2..c47c2b3 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ When OpenVPN is installed, you can run the script again, and you will get the ch - Remove a client - Uninstall OpenVPN -![](https://lut.im/Z8xfJ8WqyO/3JoPmJK8VRp6zwOE) +![](https://i.imgur.com/l7elEtB.png) ## Why make a fork ? From 2c346d450e2461f01641f76e486ed9a47ac5e3f6 Mon Sep 17 00:00:00 2001 From: Angristan Date: Mon, 8 Jan 2018 21:28:54 +0100 Subject: [PATCH 03/18] Resize image --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 47b87c6..afbecc2 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ When OpenVPN is installed, you can run the script again, and you will get the ch - Remove a client - Uninstall OpenVPN -![](https://i.imgur.com/l7elEtB.png) +![](https://i.imgur.com/AlW9g7t.png) ## Why make a fork ? From f681c0bd3426cc0f825345d483a283da537d34d2 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 11 Jan 2018 11:08:35 +0100 Subject: [PATCH 04/18] Add Amazon Linux support Fixes https://github.com/Angristan/OpenVPN-install/issues/128 --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index fc9932f..ec21f40 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -40,7 +40,7 @@ if [[ -e /etc/debian_version ]]; then exit 4 fi fi -elif [[ -e /etc/centos-release || -e /etc/redhat-release && ! -e /etc/fedora-release ]]; then +elif [[ -e /etc/centos-release || -e /etc/redhat-release || -e /etc/system-release && ! -e /etc/fedora-release ]]; then OS=centos IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.conf' From 4f5f43e503ad4078f31a2589fca7d7af2ec8cb0d Mon Sep 17 00:00:00 2001 From: cezar97 <34601855+cezar97@users.noreply.github.com> Date: Thu, 18 Jan 2018 17:19:51 +0100 Subject: [PATCH 05/18] Randomize CN and server name, fixed #48 Solution taken from pivpn install script here: https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh. Repo in https://github.com/pivpn/pivpn. --- openvpn-install.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index ec21f40..65170e5 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -469,18 +469,25 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service chown -R root:root /etc/openvpn/easy-rsa/ rm -rf ~/EasyRSA-3.0.3.tgz cd /etc/openvpn/easy-rsa/ + # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name => + ### => FROM https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh ### + NEW_UUID_CN=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) + NEW_UUID_SERVER=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) + SERVER_CN="cn_$NEW_UUID_CN" + SERVER_NAME="server_$NEW_UUID_SERVER" echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars + echo "set_var EASYRSA_REQ_CN $SERVER_CN" >> vars # Create the PKI, set up the CA, the DH params and the server + client certificates ./easyrsa init-pki ./easyrsa --batch build-ca nopass openssl dhparam -out dh.pem $DH_KEY_SIZE - ./easyrsa build-server-full server nopass + ./easyrsa build-server-full $SERVER_NAME nopass ./easyrsa build-client-full $CLIENT nopass EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl # generate tls-auth key openvpn --genkey --secret /etc/openvpn/tls-auth.key # Move all the generated files - cp pki/ca.crt pki/private/ca.key dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn + cp pki/ca.crt pki/private/ca.key dh.pem pki/issued/$SERVER_NAME.crt pki/private/$SERVER_NAME.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn # Make cert revocation list readable for non-root chmod 644 /etc/openvpn/crl.pem @@ -539,8 +546,8 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf echo "crl-verify crl.pem ca ca.crt -cert server.crt -key server.key +cert $SERVER_NAME.crt +key $SERVER_NAME.key tls-auth tls-auth.key 0 dh dh.pem auth SHA256 From 931190dd59ff48237ee9a8592ff61ad3aadf9f00 Mon Sep 17 00:00:00 2001 From: cezar97 <34601855+cezar97@users.noreply.github.com> Date: Thu, 18 Jan 2018 17:36:31 +0100 Subject: [PATCH 06/18] Verify server name to strengthen security --- openvpn-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 65170e5..4553502 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -678,6 +678,7 @@ nobind persist-key persist-tun remote-cert-tls server +verify-x509-name $SERVER_NAME name auth SHA256 auth-nocache $CIPHER From 7c7084238f32a71d4e3ccb71b9538a02b5a6e8b9 Mon Sep 17 00:00:00 2001 From: Angristan Date: Tue, 23 Jan 2018 12:19:01 +0100 Subject: [PATCH 07/18] Update EasyRSA to 3.0.4 Fixes "./easyrsa: 644: ./easyrsa: [[: not found" --- openvpn-install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index ec21f40..d0b7afe 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -462,12 +462,12 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service rm -rf /etc/openvpn/easy-rsa/ fi # Get easy-rsa - wget -O ~/EasyRSA-3.0.3.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.3/EasyRSA-3.0.3.tgz - tar xzf ~/EasyRSA-3.0.3.tgz -C ~/ - mv ~/EasyRSA-3.0.3/ /etc/openvpn/ - mv /etc/openvpn/EasyRSA-3.0.3/ /etc/openvpn/easy-rsa/ + wget -O ~/EasyRSA-3.0.4.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz + tar xzf ~/EasyRSA-3.0.4.tgz -C ~/ + mv ~/EasyRSA-3.0.4/ /etc/openvpn/ + mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/ chown -R root:root /etc/openvpn/easy-rsa/ - rm -rf ~/EasyRSA-3.0.3.tgz + rm -rf ~/EasyRSA-3.0.4.tgz cd /etc/openvpn/easy-rsa/ echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars # Create the PKI, set up the CA, the DH params and the server + client certificates From 28dba0250498671cc1f54bd28515b94f37a6c6ae Mon Sep 17 00:00:00 2001 From: Angristan Date: Tue, 23 Jan 2018 15:07:19 +0100 Subject: [PATCH 08/18] Improve markdown Just some tiny fixes, thanks markdown linter --- README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index afbecc2..1bb3ee6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # OpenVPN-install + OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. This script will let you setup your own secure VPN server in just a few minutes. @@ -16,10 +17,11 @@ You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr]( First, get the script and make it executable : -``` +```bash wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh chmod +x openvpn-install.sh ``` + Then run it : `./openvpn-install.sh` @@ -34,7 +36,7 @@ When OpenVPN is installed, you can run the script again, and you will get the ch ![](https://i.imgur.com/AlW9g7t.png) -## Why make a fork ? +## The fork This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install). @@ -53,6 +55,7 @@ On the client-side, it's less problematic, but if you want to use an OpenVPN ser ## Compatibility The script is made to work on these OS and architectures : + - **Debian 7** (i386, amd64) - **Debian 8** (i386, amd64) - **Debian 9** (i386, amd64, armhf, arm64) @@ -75,6 +78,7 @@ If your're using an Ubuntu version that is not supported by the script, be aware ## Features This fork includes the following features : + - Every feature of the [original script](https://github.com/Nyr/openvpn-install) - Better encryption, see below - Better DNS resolvers, see below @@ -108,13 +112,13 @@ Any other fast, trustable and neutral servers proposition is welcome. The main reason why I made this fork is to improve the encryption. Indeed, OpenVPN's default parameters are weak (and that's what [Nyr's script](https://github.com/Nyr/openvpn-install) uses). -I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 +I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 However I'm far from a crypto expert, so don't hesitate to doubt what I say (I put links to my sources anyway), and to open an issue to correct me. OpenVPN 2.4 will be a great update on the encryption part, because we'll be able to use elliptic curves, so ECDSA and ECDH (as well for the control channel), and AES GCM. They are faster and more secure. I will, of course, update the script when it will be available. -**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 +**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 ### TLS version @@ -144,7 +148,7 @@ It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn ### Data channel's cipher -By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. +By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. >The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. @@ -168,11 +172,13 @@ Convinced ? The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says : >The following ciphers are affected, and should no longer be used: + - BF-* - DES* (including 3DES variants) - RC2-* >The following ciphers are *not* affected: + - AES-* - CAMELLIA-* - SEED-* @@ -242,7 +248,7 @@ SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. >The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. ->This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. +>This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. [Source](https://openvpn.net/index.php/open-source/documentation/howto.html#security) From d19283c46ffe5333639a9fb6bf275326fc78102b Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 25 Jan 2018 12:23:25 +0100 Subject: [PATCH 09/18] Optmize vars I'm not removing the PiVPN mention because I don't want to credit them, but to not bloat the script. Their contribution will be available via git blame + https://github.com/Angristan/OpenVPN-install/pull/151 :) --- openvpn-install.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4553502..338a544 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -469,12 +469,9 @@ WantedBy=multi-user.target" > /etc/systemd/system/iptables.service chown -R root:root /etc/openvpn/easy-rsa/ rm -rf ~/EasyRSA-3.0.3.tgz cd /etc/openvpn/easy-rsa/ - # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name => - ### => FROM https://github.com/pivpn/pivpn/blob/master/auto_install/install.sh ### - NEW_UUID_CN=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) - NEW_UUID_SERVER=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) - SERVER_CN="cn_$NEW_UUID_CN" - SERVER_NAME="server_$NEW_UUID_SERVER" + # Generate a random, alphanumeric identifier of 16 characters for CN and one for server name + SERVER_CN="cn_$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" + SERVER_NAME="server_$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)" echo "set_var EASYRSA_KEY_SIZE $RSA_KEY_SIZE" > vars echo "set_var EASYRSA_REQ_CN $SERVER_CN" >> vars # Create the PKI, set up the CA, the DH params and the server + client certificates From 0c26b673437b3953e52ec371ab705164e848fc09 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 25 Jan 2018 12:26:43 +0100 Subject: [PATCH 10/18] Add rendomized server name https://github.com/Angristan/OpenVPN-install/pull/151 --- README.md | 526 +++++++++++++++++++++++++++--------------------------- 1 file changed, 263 insertions(+), 263 deletions(-) diff --git a/README.md b/README.md index 1bb3ee6..747bb63 100644 --- a/README.md +++ b/README.md @@ -1,263 +1,263 @@ -# OpenVPN-install - -OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. - -This script will let you setup your own secure VPN server in just a few minutes. - -Here is a preview of the installer : - -![](https://lut.im/IzjFrfhM18/DY8KD91W0uMhEgLp.png) -![](https://lut.im/eODTn8Sa9y/euCqh0wzXwlz3UNs.png) - -## Usage - -**You have to enable the TUN module otherwise OpenVPN won't work.** Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will warn you and exit. - -You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/76yqW5). - -First, get the script and make it executable : - -```bash -wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh -chmod +x openvpn-install.sh -``` - -Then run it : - -`./openvpn-install.sh` - -The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. - -When OpenVPN is installed, you can run the script again, and you will get the choice to : - -- Add a client -- Remove a client -- Uninstall OpenVPN - -![](https://i.imgur.com/AlW9g7t.png) - -## The fork - -This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install). - -I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, and some of them are unsecure. See [#encryption](#encryption). - -Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork. - -The only drawback is that you need to use a recent version of OpenVPN, because some parameters that requires TLS 1.2 are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed. That is not a complete drawback tough, because it means that you can have the latest version with all the new features and security fixes. See [compatibilty](#compatibility). - -On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. However I don't see why you would use an outdated client. - -**TL;DR**, this script is relatively secure, and you can just press enter in the setup. - -**[A Pull Request](https://github.com/Angristan/OpenVPN-install/pull/96) is currently being worked on to implement the latest OpenVPN 2.4 features.** - -## Compatibility - -The script is made to work on these OS and architectures : - -- **Debian 7** (i386, amd64) -- **Debian 8** (i386, amd64) -- **Debian 9** (i386, amd64, armhf, arm64) -- **Ubuntu 12.04 LTS** (i386, amd64) -- **Ubuntu 14.04 LTS** (i386, amd64) -- **Ubuntu 16.04 LTS** (i386, amd64) -- **Ubuntu 16.10** (i386, amd64, armhf, arm64) -- **Ubuntu 17.04** (i386, amd64, armhf, arm64) -- **Fedora 25** (amd64) -- **Fedora 26** (amd64) -- **Fedora 27** (amd64) -- **CentOS 6** (i386, amd64) -- **CentOS 7** (i386, amd64, arm64) -- **Arch Linux** (i686, amd64, arm64) - -(It should also work on Debian unstable/testing and Ubuntu beta). - -If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure. - -## Features - -This fork includes the following features : - -- Every feature of the [original script](https://github.com/Nyr/openvpn-install) -- Better encryption, see below -- Better DNS resolvers, see below -- Choice between TCP and UDP (UDP is still recommended) -- Run server in [unprivileged mode](https://github.com/Angristan/OpenVPN-install/blob/master/openvpn-install.sh#L426), reducing risks to the system -- [Block DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605) -- No comp-lzo, as [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) -- [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2) -- Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories. -- Other improvements ! - -## DNS - -The script will ask you which DNS resolvers you want to use when connected to the VPN. - -Here are the possibilities : - -- Current system resolvers, those that are in `/etc/resolv.conf` -- [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers) -- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France) -- [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany) -- [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers) -- [Google Public DNS](https://en.wikipedia.org/wiki/Google_Public_DNS), not recommended, but fast worldwide (Anycast servers) -- [Yandex Basic DNS](https://dns.yandex.com/), not recommended, but fast in Russia -- [AdGuard DNS](https://github.com/AdguardTeam/AdguardDNS), located in Russia, blocks ads and trackers -- Soon : local resolver :D - -Any other fast, trustable and neutral servers proposition is welcome. - -## Encryption - -The main reason why I made this fork is to improve the encryption. Indeed, OpenVPN's default parameters are weak (and that's what [Nyr's script](https://github.com/Nyr/openvpn-install) uses). - -I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 - -However I'm far from a crypto expert, so don't hesitate to doubt what I say (I put links to my sources anyway), and to open an issue to correct me. - -OpenVPN 2.4 will be a great update on the encryption part, because we'll be able to use elliptic curves, so ECDSA and ECDH (as well for the control channel), and AES GCM. They are faster and more secure. I will, of course, update the script when it will be available. - -**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 - -### TLS version - -OpenVPN uses TLS 1.0 by default, which is nearly [20 years old](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0). - -With `tls-version-min 1.2` we use at least TLS 1.2, which the best protocol available currently. I could have used `tls-version-min highest` but this does not ensure we use TLS 1.2 which is the only secure protocol available. - -[OpenVPN documentation for tls-version-min](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAK) - -TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons of the script uses third-party repositories, because some distributions have an older version of OpenVPN. - -### Certificate - -#### Key - -OpenVPN uses an RSA certificate with a 2048 bits key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). - -2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. As the size of the key will have an impact on speed, I leave the choice to use 2048, 3072 or 4096 bits RSA key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. - -In OpenVPN 2.4, we will be able to use an ECDSA certificate. This algorithm uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. - -#### Signature hash - -OpenVPN uses SHA-256 [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L192). - -It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn't find any reason to use something other than SHA-256 in the SHA2 group, so the script still uses the default hash algorithm. - -### Data channel's cipher - -By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. - ->The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. -Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. - -[Source](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAI) - ->Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See ​https://sweet32.info/ for a much better and more elaborate explanation. -> OpenVPN's default cipher, BF-CBC, is affected by this attack. - -[Source](https://community.openvpn.net/openvpn/wiki/SWEET32) - ->Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with a 64-bit block size such as Blowfish.[9] - ->A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack. Blowfish users are encouraged by Bruce Schneier, Blowfish's creator, to use the more modern and computationally efficient alternative Twofish. He is quoted in 2007 as saying: - ->"At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." - -[Source](https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors) - -Convinced ? - -The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says : ->The following ciphers are affected, and should no longer be used: - -- BF-* -- DES* (including 3DES variants) -- RC2-* - ->The following ciphers are *not* affected: - -- AES-* -- CAMELLIA-* -- SEED-* - -Indeed, AES is today's standard. It's the fastest and more secure cipher available today. [SEED](https://en.wikipedia.org/wiki/SEED) and [Camellia](https://en.wikipedia.org/wiki/Camellia_(cipher)) are not vulnerable to date but are slower than AES and relatively less trusted. - -As they have not any proven vulnerabilities, I decided to give the user the choice to use them, though I don't see any particular reason to this day to use it. Maybe someday if AES happens to be broken. Here is an exemple about [why Camellia is good, but AES is better and should be used](http://crypto.stackexchange.com/questions/476/why-does-nobody-use-or-break-the-camellia-cipher/477#477). - -Currently AES is only available in its CBC mode, which is weaker than GCM. - -To quote the [OpenVPN documentation](https://community.openvpn.net/openvpn/wiki/SWEET32) : - ->Of the currently supported ciphers, OpenVPN currently recommends using AES-256-CBC or AES-128-CBC. OpenVPN 2.4 and newer will also support GCM. For 2.4+, we recommend using AES-256-GCM or AES-128-GCM. - -Of course I will update the script to add AES-GCM mode (as well as ECDH and ECDSA) as soon as OpenVPN 2.4 is released. - -For now, these cipher are available in the setup : - -- AES-128-CBC -- AES-192-CBC -- AES-256-CBC -- CAMELLIA-128-CBC -- CAMELLIA-192-CBC -- CAMELLIA-256-CBC -- SEED-CBC - -AES-256 is 40% slower than AES-128, and there isn't any real reason to use a 256 bits key over a 128 bits key with AES. (Source : [[1]](http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit),[[2]](http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149)). - -Moreover, AES-256 is more vulnerable to [Timing attacks](https://en.wikipedia.org/wiki/Timing_attack). - -Thus, the best data channel cipher currently available in OpenVPN is `AES-128-CBC`. - -### Control channel's cipher - -According to the [Hardening](https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher) page of the OpenVPN wiki, TLS 1.2 is not supported by OpenVPN <2.3.3, so it uses a TLS 1.0 cipher by default, which is unsecure. - -> The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer running at least OpenVPN 2.3.3: -- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 -- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 -- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - -AES GCM is more secure than AES CBC, and AES 128 is secure enough today. I didn't find any security difference between SHA-256 and SHA-384 so we're going to use SHA-256. - -Thus, I have chosen `TLS-DHE-RSA-WITH-AES-128-GCM-SHA256` as the control channel cipher. - -### Diffie-Hellman key - -OpenVPN uses a 2048 bits DH key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). - -2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. Like RSA, the size of the key will have an impact on speed, I leave the choice to use a 2048, 3072 or 4096 bits key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. - -In OpenVPN 2.4, we will be able to use ECDH key. It uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. - -### HMAC authentication algorithm - -To quote the OpenVPN wiki : - ->Authenticate packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. -OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. - -SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. - -### TLS-Auth - ->The --tls-auth option uses a static pre-shared key (PSK) that must be generated in advance and shared among all peers. This features adds "extra protection" to the TLS channel by requiring that incoming packets have a valid signature generated using the PSK key. If this key is ever changed, it must be changed on all peers at the same time (there is no support for rollover.) - ->The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. - ->This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. - -[Source](https://openvpn.net/index.php/open-source/documentation/howto.html#security) - -TLS-Auth is not enabled by default by OpenVPN, but it is in this script. - -## Credits & Licence - -Thanks to the [contributors](https://github.com/Angristan/OpenVPN-install/graphs/contributors) and of course Nyr's orginal work. - -[Old repo](https://github.com/Angristan/OpenVPN-install-fork-old) - -[MIT Licence](https://raw.githubusercontent.com/Angristan/openvpn-install/master/LICENSE) +# OpenVPN-install + +OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. + +This script will let you setup your own secure VPN server in just a few minutes. + +Here is a preview of the installer : + +![](https://lut.im/IzjFrfhM18/DY8KD91W0uMhEgLp.png) +![](https://lut.im/eODTn8Sa9y/euCqh0wzXwlz3UNs.png) + +## Usage + +**You have to enable the TUN module otherwise OpenVPN won't work.** Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will warn you and exit. + +You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/76yqW5). + +First, get the script and make it executable : + +```bash +wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh +chmod +x openvpn-install.sh +``` + +Then run it : + +`./openvpn-install.sh` + +The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. + +When OpenVPN is installed, you can run the script again, and you will get the choice to : + +- Add a client +- Remove a client +- Uninstall OpenVPN + +![](https://i.imgur.com/AlW9g7t.png) + +## The fork + +This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install). + +I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, and some of them are unsecure. See [#encryption](#encryption). + +Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork. + +The only drawback is that you need to use a recent version of OpenVPN, because some parameters that requires TLS 1.2 are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed. That is not a complete drawback tough, because it means that you can have the latest version with all the new features and security fixes. See [compatibilty](#compatibility). + +On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. However I don't see why you would use an outdated client. + +**TL;DR**, this script is relatively secure, and you can just press enter in the setup. + +**[A Pull Request](https://github.com/Angristan/OpenVPN-install/pull/96) is currently being worked on to implement the latest OpenVPN 2.4 features.** + +## Compatibility + +The script is made to work on these OS and architectures : + +- **Debian 7** (i386, amd64) +- **Debian 8** (i386, amd64) +- **Debian 9** (i386, amd64, armhf, arm64) +- **Ubuntu 12.04 LTS** (i386, amd64) +- **Ubuntu 14.04 LTS** (i386, amd64) +- **Ubuntu 16.04 LTS** (i386, amd64) +- **Ubuntu 16.10** (i386, amd64, armhf, arm64) +- **Ubuntu 17.04** (i386, amd64, armhf, arm64) +- **Fedora 25** (amd64) +- **Fedora 26** (amd64) +- **Fedora 27** (amd64) +- **CentOS 6** (i386, amd64) +- **CentOS 7** (i386, amd64, arm64) +- **Arch Linux** (i686, amd64, arm64) + +(It should also work on Debian unstable/testing and Ubuntu beta). + +If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure. + +## Features + +This fork includes the following features : + +- Every feature of the [original script](https://github.com/Nyr/openvpn-install) +- Better encryption, see below +- Better DNS resolvers, see below +- Choice between TCP and UDP (UDP is still recommended) +- Run server in [unprivileged mode](https://github.com/Angristan/OpenVPN-install/blob/master/openvpn-install.sh#L426), reducing risks to the system +- [Block DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605) +- No comp-lzo, as [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) +- [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2) +- Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories. +- Randomized certificate name +- Other improvements ! + +## DNS + +The script will ask you which DNS resolvers you want to use when connected to the VPN. + +Here are the possibilities : + +- Current system resolvers, those that are in `/etc/resolv.conf` +- [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers) +- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France) +- [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany) +- [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers) +- [Google Public DNS](https://en.wikipedia.org/wiki/Google_Public_DNS), not recommended, but fast worldwide (Anycast servers) +- [Yandex Basic DNS](https://dns.yandex.com/), not recommended, but fast in Russia +- [AdGuard DNS](https://github.com/AdguardTeam/AdguardDNS), located in Russia, blocks ads and trackers +- Soon : local resolver :D + +Any other fast, trustable and neutral servers proposition is welcome. + +## Encryption + +The main reason why I made this fork is to improve the encryption. Indeed, OpenVPN's default parameters are weak (and that's what [Nyr's script](https://github.com/Nyr/openvpn-install) uses). + +I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 + +However I'm far from a crypto expert, so don't hesitate to doubt what I say (I put links to my sources anyway), and to open an issue to correct me. + +OpenVPN 2.4 will be a great update on the encryption part, because we'll be able to use elliptic curves, so ECDSA and ECDH (as well for the control channel), and AES GCM. They are faster and more secure. I will, of course, update the script when it will be available. + +**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 + +### TLS version + +OpenVPN uses TLS 1.0 by default, which is nearly [20 years old](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0). + +With `tls-version-min 1.2` we use at least TLS 1.2, which the best protocol available currently. I could have used `tls-version-min highest` but this does not ensure we use TLS 1.2 which is the only secure protocol available. + +[OpenVPN documentation for tls-version-min](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAK) + +TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons of the script uses third-party repositories, because some distributions have an older version of OpenVPN. + +### Certificate + +#### Key + +OpenVPN uses an RSA certificate with a 2048 bits key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). + +2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. As the size of the key will have an impact on speed, I leave the choice to use 2048, 3072 or 4096 bits RSA key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. + +In OpenVPN 2.4, we will be able to use an ECDSA certificate. This algorithm uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. + +#### Signature hash + +OpenVPN uses SHA-256 [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L192). + +It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn't find any reason to use something other than SHA-256 in the SHA2 group, so the script still uses the default hash algorithm. + +### Data channel's cipher + +By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. + +>The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. +Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. + +[Source](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAI) + +>Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See ​https://sweet32.info/ for a much better and more elaborate explanation. +> OpenVPN's default cipher, BF-CBC, is affected by this attack. + +[Source](https://community.openvpn.net/openvpn/wiki/SWEET32) + +>Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with a 64-bit block size such as Blowfish.[9] + +>A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack. Blowfish users are encouraged by Bruce Schneier, Blowfish's creator, to use the more modern and computationally efficient alternative Twofish. He is quoted in 2007 as saying: + +>"At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." + +[Source](https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors) + +Convinced ? + +The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says : +>The following ciphers are affected, and should no longer be used: + +- BF-* +- DES* (including 3DES variants) + +>The following ciphers are *not* affected: + +- AES-* +- CAMELLIA-* +- SEED-* + +Indeed, AES is today's standard. It's the fastest and more secure cipher available today. [SEED](https://en.wikipedia.org/wiki/SEED) and [Camellia](https://en.wikipedia.org/wiki/Camellia_(cipher)) are not vulnerable to date but are slower than AES and relatively less trusted. + +As they have not any proven vulnerabilities, I decided to give the user the choice to use them, though I don't see any particular reason to this day to use it. Maybe someday if AES happens to be broken. Here is an exemple about [why Camellia is good, but AES is better and should be used](http://crypto.stackexchange.com/questions/476/why-does-nobody-use-or-break-the-camellia-cipher/477#477). + +Currently AES is only available in its CBC mode, which is weaker than GCM. + +To quote the [OpenVPN documentation](https://community.openvpn.net/openvpn/wiki/SWEET32) : + +>Of the currently supported ciphers, OpenVPN currently recommends using AES-256-CBC or AES-128-CBC. OpenVPN 2.4 and newer will also support GCM. For 2.4+, we recommend using AES-256-GCM or AES-128-GCM. + +Of course I will update the script to add AES-GCM mode (as well as ECDH and ECDSA) as soon as OpenVPN 2.4 is released. + +For now, these cipher are available in the setup : + +- AES-128-CBC +- AES-192-CBC +- AES-256-CBC +- CAMELLIA-128-CBC +- CAMELLIA-192-CBC +- CAMELLIA-256-CBC +- SEED-CBC + +AES-256 is 40% slower than AES-128, and there isn't any real reason to use a 256 bits key over a 128 bits key with AES. (Source : [[1]](http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit),[[2]](http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149)). + +Moreover, AES-256 is more vulnerable to [Timing attacks](https://en.wikipedia.org/wiki/Timing_attack). + +Thus, the best data channel cipher currently available in OpenVPN is `AES-128-CBC`. + +### Control channel's cipher + +According to the [Hardening](https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher) page of the OpenVPN wiki, TLS 1.2 is not supported by OpenVPN <2.3.3, so it uses a TLS 1.0 cipher by default, which is unsecure. + +> The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer running at least OpenVPN 2.3.3: +- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 +- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 +- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 +- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + +AES GCM is more secure than AES CBC, and AES 128 is secure enough today. I didn't find any security difference between SHA-256 and SHA-384 so we're going to use SHA-256. + +Thus, I have chosen `TLS-DHE-RSA-WITH-AES-128-GCM-SHA256` as the control channel cipher. + +### Diffie-Hellman key + +OpenVPN uses a 2048 bits DH key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). + +2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. Like RSA, the size of the key will have an impact on speed, I leave the choice to use a 2048, 3072 or 4096 bits key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. + +In OpenVPN 2.4, we will be able to use ECDH key. It uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. + +### HMAC authentication algorithm + +To quote the OpenVPN wiki : + +>Authenticate packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. +OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. + +SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. + +### TLS-Auth + +>The --tls-auth option uses a static pre-shared key (PSK) that must be generated in advance and shared among all peers. This features adds "extra protection" to the TLS channel by requiring that incoming packets have a valid signature generated using the PSK key. If this key is ever changed, it must be changed on all peers at the same time (there is no support for rollover.) + +>The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. + +>This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. + +[Source](https://openvpn.net/index.php/open-source/documentation/howto.html#security) + +TLS-Auth is not enabled by default by OpenVPN, but it is in this script. + +## Credits & Licence + +Thanks to the [contributors](https://github.com/Angristan/OpenVPN-install/graphs/contributors) and of course Nyr's orginal work. + +[Old repo](https://github.com/Angristan/OpenVPN-install-fork-old) + +[MIT Licence](https://raw.githubusercontent.com/Angristan/openvpn-install/master/LICENSE) From 019b6b2848082c6e01ca9bb302d9ddf46610d909 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 25 Jan 2018 12:28:27 +0100 Subject: [PATCH 11/18] Revert "Add rendomized server name" This reverts commit 0c26b673437b3953e52ec371ab705164e848fc09. --- README.md | 526 +++++++++++++++++++++++++++--------------------------- 1 file changed, 263 insertions(+), 263 deletions(-) diff --git a/README.md b/README.md index 747bb63..1bb3ee6 100644 --- a/README.md +++ b/README.md @@ -1,263 +1,263 @@ -# OpenVPN-install - -OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. - -This script will let you setup your own secure VPN server in just a few minutes. - -Here is a preview of the installer : - -![](https://lut.im/IzjFrfhM18/DY8KD91W0uMhEgLp.png) -![](https://lut.im/eODTn8Sa9y/euCqh0wzXwlz3UNs.png) - -## Usage - -**You have to enable the TUN module otherwise OpenVPN won't work.** Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will warn you and exit. - -You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/76yqW5). - -First, get the script and make it executable : - -```bash -wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh -chmod +x openvpn-install.sh -``` - -Then run it : - -`./openvpn-install.sh` - -The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. - -When OpenVPN is installed, you can run the script again, and you will get the choice to : - -- Add a client -- Remove a client -- Uninstall OpenVPN - -![](https://i.imgur.com/AlW9g7t.png) - -## The fork - -This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install). - -I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, and some of them are unsecure. See [#encryption](#encryption). - -Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork. - -The only drawback is that you need to use a recent version of OpenVPN, because some parameters that requires TLS 1.2 are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed. That is not a complete drawback tough, because it means that you can have the latest version with all the new features and security fixes. See [compatibilty](#compatibility). - -On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. However I don't see why you would use an outdated client. - -**TL;DR**, this script is relatively secure, and you can just press enter in the setup. - -**[A Pull Request](https://github.com/Angristan/OpenVPN-install/pull/96) is currently being worked on to implement the latest OpenVPN 2.4 features.** - -## Compatibility - -The script is made to work on these OS and architectures : - -- **Debian 7** (i386, amd64) -- **Debian 8** (i386, amd64) -- **Debian 9** (i386, amd64, armhf, arm64) -- **Ubuntu 12.04 LTS** (i386, amd64) -- **Ubuntu 14.04 LTS** (i386, amd64) -- **Ubuntu 16.04 LTS** (i386, amd64) -- **Ubuntu 16.10** (i386, amd64, armhf, arm64) -- **Ubuntu 17.04** (i386, amd64, armhf, arm64) -- **Fedora 25** (amd64) -- **Fedora 26** (amd64) -- **Fedora 27** (amd64) -- **CentOS 6** (i386, amd64) -- **CentOS 7** (i386, amd64, arm64) -- **Arch Linux** (i686, amd64, arm64) - -(It should also work on Debian unstable/testing and Ubuntu beta). - -If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure. - -## Features - -This fork includes the following features : - -- Every feature of the [original script](https://github.com/Nyr/openvpn-install) -- Better encryption, see below -- Better DNS resolvers, see below -- Choice between TCP and UDP (UDP is still recommended) -- Run server in [unprivileged mode](https://github.com/Angristan/OpenVPN-install/blob/master/openvpn-install.sh#L426), reducing risks to the system -- [Block DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605) -- No comp-lzo, as [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) -- [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2) -- Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories. -- Randomized certificate name -- Other improvements ! - -## DNS - -The script will ask you which DNS resolvers you want to use when connected to the VPN. - -Here are the possibilities : - -- Current system resolvers, those that are in `/etc/resolv.conf` -- [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers) -- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France) -- [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany) -- [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers) -- [Google Public DNS](https://en.wikipedia.org/wiki/Google_Public_DNS), not recommended, but fast worldwide (Anycast servers) -- [Yandex Basic DNS](https://dns.yandex.com/), not recommended, but fast in Russia -- [AdGuard DNS](https://github.com/AdguardTeam/AdguardDNS), located in Russia, blocks ads and trackers -- Soon : local resolver :D - -Any other fast, trustable and neutral servers proposition is welcome. - -## Encryption - -The main reason why I made this fork is to improve the encryption. Indeed, OpenVPN's default parameters are weak (and that's what [Nyr's script](https://github.com/Nyr/openvpn-install) uses). - -I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 - -However I'm far from a crypto expert, so don't hesitate to doubt what I say (I put links to my sources anyway), and to open an issue to correct me. - -OpenVPN 2.4 will be a great update on the encryption part, because we'll be able to use elliptic curves, so ECDSA and ECDH (as well for the control channel), and AES GCM. They are faster and more secure. I will, of course, update the script when it will be available. - -**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 - -### TLS version - -OpenVPN uses TLS 1.0 by default, which is nearly [20 years old](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0). - -With `tls-version-min 1.2` we use at least TLS 1.2, which the best protocol available currently. I could have used `tls-version-min highest` but this does not ensure we use TLS 1.2 which is the only secure protocol available. - -[OpenVPN documentation for tls-version-min](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAK) - -TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons of the script uses third-party repositories, because some distributions have an older version of OpenVPN. - -### Certificate - -#### Key - -OpenVPN uses an RSA certificate with a 2048 bits key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). - -2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. As the size of the key will have an impact on speed, I leave the choice to use 2048, 3072 or 4096 bits RSA key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. - -In OpenVPN 2.4, we will be able to use an ECDSA certificate. This algorithm uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. - -#### Signature hash - -OpenVPN uses SHA-256 [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L192). - -It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn't find any reason to use something other than SHA-256 in the SHA2 group, so the script still uses the default hash algorithm. - -### Data channel's cipher - -By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. - ->The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. -Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. - -[Source](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAI) - ->Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See ​https://sweet32.info/ for a much better and more elaborate explanation. -> OpenVPN's default cipher, BF-CBC, is affected by this attack. - -[Source](https://community.openvpn.net/openvpn/wiki/SWEET32) - ->Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with a 64-bit block size such as Blowfish.[9] - ->A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack. Blowfish users are encouraged by Bruce Schneier, Blowfish's creator, to use the more modern and computationally efficient alternative Twofish. He is quoted in 2007 as saying: - ->"At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." - -[Source](https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors) - -Convinced ? - -The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says : ->The following ciphers are affected, and should no longer be used: - -- BF-* -- DES* (including 3DES variants) - ->The following ciphers are *not* affected: - -- AES-* -- CAMELLIA-* -- SEED-* - -Indeed, AES is today's standard. It's the fastest and more secure cipher available today. [SEED](https://en.wikipedia.org/wiki/SEED) and [Camellia](https://en.wikipedia.org/wiki/Camellia_(cipher)) are not vulnerable to date but are slower than AES and relatively less trusted. - -As they have not any proven vulnerabilities, I decided to give the user the choice to use them, though I don't see any particular reason to this day to use it. Maybe someday if AES happens to be broken. Here is an exemple about [why Camellia is good, but AES is better and should be used](http://crypto.stackexchange.com/questions/476/why-does-nobody-use-or-break-the-camellia-cipher/477#477). - -Currently AES is only available in its CBC mode, which is weaker than GCM. - -To quote the [OpenVPN documentation](https://community.openvpn.net/openvpn/wiki/SWEET32) : - ->Of the currently supported ciphers, OpenVPN currently recommends using AES-256-CBC or AES-128-CBC. OpenVPN 2.4 and newer will also support GCM. For 2.4+, we recommend using AES-256-GCM or AES-128-GCM. - -Of course I will update the script to add AES-GCM mode (as well as ECDH and ECDSA) as soon as OpenVPN 2.4 is released. - -For now, these cipher are available in the setup : - -- AES-128-CBC -- AES-192-CBC -- AES-256-CBC -- CAMELLIA-128-CBC -- CAMELLIA-192-CBC -- CAMELLIA-256-CBC -- SEED-CBC - -AES-256 is 40% slower than AES-128, and there isn't any real reason to use a 256 bits key over a 128 bits key with AES. (Source : [[1]](http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit),[[2]](http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149)). - -Moreover, AES-256 is more vulnerable to [Timing attacks](https://en.wikipedia.org/wiki/Timing_attack). - -Thus, the best data channel cipher currently available in OpenVPN is `AES-128-CBC`. - -### Control channel's cipher - -According to the [Hardening](https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher) page of the OpenVPN wiki, TLS 1.2 is not supported by OpenVPN <2.3.3, so it uses a TLS 1.0 cipher by default, which is unsecure. - -> The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer running at least OpenVPN 2.3.3: -- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 -- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 -- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 - -AES GCM is more secure than AES CBC, and AES 128 is secure enough today. I didn't find any security difference between SHA-256 and SHA-384 so we're going to use SHA-256. - -Thus, I have chosen `TLS-DHE-RSA-WITH-AES-128-GCM-SHA256` as the control channel cipher. - -### Diffie-Hellman key - -OpenVPN uses a 2048 bits DH key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). - -2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. Like RSA, the size of the key will have an impact on speed, I leave the choice to use a 2048, 3072 or 4096 bits key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. - -In OpenVPN 2.4, we will be able to use ECDH key. It uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. - -### HMAC authentication algorithm - -To quote the OpenVPN wiki : - ->Authenticate packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. -OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. - -SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. - -### TLS-Auth - ->The --tls-auth option uses a static pre-shared key (PSK) that must be generated in advance and shared among all peers. This features adds "extra protection" to the TLS channel by requiring that incoming packets have a valid signature generated using the PSK key. If this key is ever changed, it must be changed on all peers at the same time (there is no support for rollover.) - ->The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. - ->This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. - -[Source](https://openvpn.net/index.php/open-source/documentation/howto.html#security) - -TLS-Auth is not enabled by default by OpenVPN, but it is in this script. - -## Credits & Licence - -Thanks to the [contributors](https://github.com/Angristan/OpenVPN-install/graphs/contributors) and of course Nyr's orginal work. - -[Old repo](https://github.com/Angristan/OpenVPN-install-fork-old) - -[MIT Licence](https://raw.githubusercontent.com/Angristan/openvpn-install/master/LICENSE) +# OpenVPN-install + +OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux. + +This script will let you setup your own secure VPN server in just a few minutes. + +Here is a preview of the installer : + +![](https://lut.im/IzjFrfhM18/DY8KD91W0uMhEgLp.png) +![](https://lut.im/eODTn8Sa9y/euCqh0wzXwlz3UNs.png) + +## Usage + +**You have to enable the TUN module otherwise OpenVPN won't work.** Ask your host if you don't know how to do it. If the TUN module is not enabled, the script will warn you and exit. + +You can get a cheap VPS to run this script for $2.50/month worldwide at [Vultr](https://goo.gl/Xyd1Sc) or 3€/month for unlimited bandwidth in France at [PulseHeberg](https://goo.gl/76yqW5). + +First, get the script and make it executable : + +```bash +wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh +chmod +x openvpn-install.sh +``` + +Then run it : + +`./openvpn-install.sh` + +The first time you run it, you'll have to follow the assistant and answer a few questions to setup your VPN server. + +When OpenVPN is installed, you can run the script again, and you will get the choice to : + +- Add a client +- Remove a client +- Uninstall OpenVPN + +![](https://i.imgur.com/AlW9g7t.png) + +## The fork + +This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install). + +I made it because I wanted to have a more secured OpenVPN out-of-the-box. It works like the original script, but is more focused on privacy and espicially better encryption. Nyr's original script uses mainly default parameters regarding encryption, and some of them are unsecure. See [#encryption](#encryption). + +Also, Nyr and myself clearly have not the same point of view regarding this script, that's why it's a fork. + +The only drawback is that you need to use a recent version of OpenVPN, because some parameters that requires TLS 1.2 are only availble since OpenVPN 2.3.3. Therefore I restrain the compatibility of this script to a few but widely used GNU/Linux distributions, to get a recent version of OpenVPN from trusted third-party repositories, if needed. That is not a complete drawback tough, because it means that you can have the latest version with all the new features and security fixes. See [compatibilty](#compatibility). + +On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. However I don't see why you would use an outdated client. + +**TL;DR**, this script is relatively secure, and you can just press enter in the setup. + +**[A Pull Request](https://github.com/Angristan/OpenVPN-install/pull/96) is currently being worked on to implement the latest OpenVPN 2.4 features.** + +## Compatibility + +The script is made to work on these OS and architectures : + +- **Debian 7** (i386, amd64) +- **Debian 8** (i386, amd64) +- **Debian 9** (i386, amd64, armhf, arm64) +- **Ubuntu 12.04 LTS** (i386, amd64) +- **Ubuntu 14.04 LTS** (i386, amd64) +- **Ubuntu 16.04 LTS** (i386, amd64) +- **Ubuntu 16.10** (i386, amd64, armhf, arm64) +- **Ubuntu 17.04** (i386, amd64, armhf, arm64) +- **Fedora 25** (amd64) +- **Fedora 26** (amd64) +- **Fedora 27** (amd64) +- **CentOS 6** (i386, amd64) +- **CentOS 7** (i386, amd64, arm64) +- **Arch Linux** (i686, amd64, arm64) + +(It should also work on Debian unstable/testing and Ubuntu beta). + +If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure. + +## Features + +This fork includes the following features : + +- Every feature of the [original script](https://github.com/Nyr/openvpn-install) +- Better encryption, see below +- Better DNS resolvers, see below +- Choice between TCP and UDP (UDP is still recommended) +- Run server in [unprivileged mode](https://github.com/Angristan/OpenVPN-install/blob/master/openvpn-install.sh#L426), reducing risks to the system +- [Block DNS leak on Windows 10](https://community.openvpn.net/openvpn/ticket/605) +- No comp-lzo, as [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) +- [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2) +- Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories. +- Other improvements ! + +## DNS + +The script will ask you which DNS resolvers you want to use when connected to the VPN. + +Here are the possibilities : + +- Current system resolvers, those that are in `/etc/resolv.conf` +- [Quad9](https://www.quad9.net), recommended, security and privacy oriented, fast worldwide (Anycast servers) +- [FDN's DNS Servers](http://www.fdn.fr/actions/dns/), recommended if you're in western europe (France) +- [DNS.WATCH DNS Servers](https://dns.watch/index), recommended if you're in western europe (Germany) +- [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers) +- [Google Public DNS](https://en.wikipedia.org/wiki/Google_Public_DNS), not recommended, but fast worldwide (Anycast servers) +- [Yandex Basic DNS](https://dns.yandex.com/), not recommended, but fast in Russia +- [AdGuard DNS](https://github.com/AdguardTeam/AdguardDNS), located in Russia, blocks ads and trackers +- Soon : local resolver :D + +Any other fast, trustable and neutral servers proposition is welcome. + +## Encryption + +The main reason why I made this fork is to improve the encryption. Indeed, OpenVPN's default parameters are weak (and that's what [Nyr's script](https://github.com/Nyr/openvpn-install) uses). + +I want to justify all my choices regarding the encryption settings I have chosen, to prove that I'm not some random noob as some may think. 😉 + +However I'm far from a crypto expert, so don't hesitate to doubt what I say (I put links to my sources anyway), and to open an issue to correct me. + +OpenVPN 2.4 will be a great update on the encryption part, because we'll be able to use elliptic curves, so ECDSA and ECDH (as well for the control channel), and AES GCM. They are faster and more secure. I will, of course, update the script when it will be available. + +**Note:** With OpenVPN's default parameters, you have a relatively weak encryption. Nonetheless, your trafic is still encrypted, so unless you're under surveillance, probably no one will try to decrypt it. Yet it's not a reason to use old and weak algorithm when there are much better ones available. 😉 + +### TLS version + +OpenVPN uses TLS 1.0 by default, which is nearly [20 years old](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0). + +With `tls-version-min 1.2` we use at least TLS 1.2, which the best protocol available currently. I could have used `tls-version-min highest` but this does not ensure we use TLS 1.2 which is the only secure protocol available. + +[OpenVPN documentation for tls-version-min](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAK) + +TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons of the script uses third-party repositories, because some distributions have an older version of OpenVPN. + +### Certificate + +#### Key + +OpenVPN uses an RSA certificate with a 2048 bits key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). + +2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. As the size of the key will have an impact on speed, I leave the choice to use 2048, 3072 or 4096 bits RSA key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. + +In OpenVPN 2.4, we will be able to use an ECDSA certificate. This algorithm uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. + +#### Signature hash + +OpenVPN uses SHA-256 [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L192). + +It also supports SHA1 and MD5, which are unsafe, and all the SHA2 family. I didn't find any reason to use something other than SHA-256 in the SHA2 group, so the script still uses the default hash algorithm. + +### Data channel's cipher + +By default, OpenVPN uses `BF-CBC` as the data channel cipher. Blowfish is an old (1993) an weak alogorithm. What's *funny* is that even the official OpenVPN documentation admits it. + +>The default is BF-CBC, an abbreviation for Blowfish in Cipher Block Chaining mode. +Using BF-CBC is no longer recommended, because of its 64-bit block size. This small block size allows attacks based on collisions, as demonstrated by SWEET32. See https://community.openvpn.net/openvpn/wiki/SWEET32 for details. + +[Source](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAI) + +>Security researchers at INRIA published an attack on 64-bit block ciphers, such as 3DES and Blowfish. They show that they are able to recover plaintext when the same data is sent often enough, and show how they can use cross-site scripting vulnerabilities to send data of interest often enough. This works over HTTPS, but also works for HTTP-over-OpenVPN. See ​https://sweet32.info/ for a much better and more elaborate explanation. +> OpenVPN's default cipher, BF-CBC, is affected by this attack. + +[Source](https://community.openvpn.net/openvpn/wiki/SWEET32) + +>Blowfish's use of a 64-bit block size (as opposed to e.g. AES's 128-bit block size) makes it vulnerable to birthday attacks, particularly in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery (i.e. decrypting ciphertext) against ciphers with a 64-bit block size such as Blowfish.[9] + +>A reduced-round variant of Blowfish is known to be susceptible to known-plaintext attacks on reflectively weak keys. Blowfish implementations use 16 rounds of encryption, and are not susceptible to this attack. Blowfish users are encouraged by Bruce Schneier, Blowfish's creator, to use the more modern and computationally efficient alternative Twofish. He is quoted in 2007 as saying: + +>"At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." + +[Source](https://en.wikipedia.org/wiki/Blowfish_(cipher)#Weakness_and_successors) + +Convinced ? + +The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says : +>The following ciphers are affected, and should no longer be used: + +- BF-* +- DES* (including 3DES variants) +- RC2-* + +>The following ciphers are *not* affected: + +- AES-* +- CAMELLIA-* +- SEED-* + +Indeed, AES is today's standard. It's the fastest and more secure cipher available today. [SEED](https://en.wikipedia.org/wiki/SEED) and [Camellia](https://en.wikipedia.org/wiki/Camellia_(cipher)) are not vulnerable to date but are slower than AES and relatively less trusted. + +As they have not any proven vulnerabilities, I decided to give the user the choice to use them, though I don't see any particular reason to this day to use it. Maybe someday if AES happens to be broken. Here is an exemple about [why Camellia is good, but AES is better and should be used](http://crypto.stackexchange.com/questions/476/why-does-nobody-use-or-break-the-camellia-cipher/477#477). + +Currently AES is only available in its CBC mode, which is weaker than GCM. + +To quote the [OpenVPN documentation](https://community.openvpn.net/openvpn/wiki/SWEET32) : + +>Of the currently supported ciphers, OpenVPN currently recommends using AES-256-CBC or AES-128-CBC. OpenVPN 2.4 and newer will also support GCM. For 2.4+, we recommend using AES-256-GCM or AES-128-GCM. + +Of course I will update the script to add AES-GCM mode (as well as ECDH and ECDSA) as soon as OpenVPN 2.4 is released. + +For now, these cipher are available in the setup : + +- AES-128-CBC +- AES-192-CBC +- AES-256-CBC +- CAMELLIA-128-CBC +- CAMELLIA-192-CBC +- CAMELLIA-256-CBC +- SEED-CBC + +AES-256 is 40% slower than AES-128, and there isn't any real reason to use a 256 bits key over a 128 bits key with AES. (Source : [[1]](http://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit),[[2]](http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149)). + +Moreover, AES-256 is more vulnerable to [Timing attacks](https://en.wikipedia.org/wiki/Timing_attack). + +Thus, the best data channel cipher currently available in OpenVPN is `AES-128-CBC`. + +### Control channel's cipher + +According to the [Hardening](https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher) page of the OpenVPN wiki, TLS 1.2 is not supported by OpenVPN <2.3.3, so it uses a TLS 1.0 cipher by default, which is unsecure. + +> The following are TLSv1.2 DHE + RSA choices, requiring a compatible peer running at least OpenVPN 2.3.3: +- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 +- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 +- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 +- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 + +AES GCM is more secure than AES CBC, and AES 128 is secure enough today. I didn't find any security difference between SHA-256 and SHA-384 so we're going to use SHA-256. + +Thus, I have chosen `TLS-DHE-RSA-WITH-AES-128-GCM-SHA256` as the control channel cipher. + +### Diffie-Hellman key + +OpenVPN uses a 2048 bits DH key [by default](https://github.com/OpenVPN/easy-rsa/blob/master/easyrsa3/vars.example#L97). + +2048 bits is OK, but both [NSA](https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf) and [ANSSI](https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf) recommend at least a 3072 bits for a future-proof key. Like RSA, the size of the key will have an impact on speed, I leave the choice to use a 2048, 3072 or 4096 bits key. 4096 bits is what's most used and recommened today, but 3072 bits is still good. + +In OpenVPN 2.4, we will be able to use ECDH key. It uses elliptic curves instead of prime numbers' factorization for a reduced key size and calculation time, thus it's faster and more secure. + +### HMAC authentication algorithm + +To quote the OpenVPN wiki : + +>Authenticate packets with HMAC using message digest algorithm alg. (The default is SHA1 ). HMAC is a commonly used message authentication algorithm (MAC) that uses a data string, a secure hash algorithm, and a key, to produce a digital signature. +OpenVPN's usage of HMAC is to first encrypt a packet, then HMAC the resulting ciphertext. + +SHA-1 is not safe anymore, so I use SHA-256 which is safe and widely used. + +### TLS-Auth + +>The --tls-auth option uses a static pre-shared key (PSK) that must be generated in advance and shared among all peers. This features adds "extra protection" to the TLS channel by requiring that incoming packets have a valid signature generated using the PSK key. If this key is ever changed, it must be changed on all peers at the same time (there is no support for rollover.) + +>The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. + +>This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. + +[Source](https://openvpn.net/index.php/open-source/documentation/howto.html#security) + +TLS-Auth is not enabled by default by OpenVPN, but it is in this script. + +## Credits & Licence + +Thanks to the [contributors](https://github.com/Angristan/OpenVPN-install/graphs/contributors) and of course Nyr's orginal work. + +[Old repo](https://github.com/Angristan/OpenVPN-install-fork-old) + +[MIT Licence](https://raw.githubusercontent.com/Angristan/openvpn-install/master/LICENSE) From adcc4cbd4a31aecdbbb43da9676cf8cad4720ece Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 25 Jan 2018 12:31:08 +0100 Subject: [PATCH 12/18] Add rendomized server name #151 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1bb3ee6..102b95d 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,7 @@ This fork includes the following features : - No comp-lzo, as [compression is a vector for oracle attacks, e.g. CRIME or BREACH](https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/91#issuecomment-75388575) - [Arch Linux support](https://github.com/Angristan/OpenVPN-install/pull/2) - Up-to-date OpenVPN thanks to [EPEL](http://fedoraproject.org/wiki/EPEL) for CentOS and [swupdate.openvpn.net](https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos) for Ubuntu and Debian. These are third-party yet trusted repositories. +- Randomized certificate name - Other improvements ! ## DNS From cffe4bee4ae9c8b27462255e4cbb026f9a4bcc0c Mon Sep 17 00:00:00 2001 From: Angristan Date: Sat, 27 Jan 2018 20:21:28 +0100 Subject: [PATCH 13/18] Inverse FDN's DNS servers for DNSSEC The .12 does not validate DNSSEC while the .40 does, so I'm putting the .40 first. --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 6eb25ae..4e9f91d 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -516,8 +516,8 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 9.9.9.9"' >> /etc/openvpn/server.conf ;; 3) #FDN - echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf echo 'push "dhcp-option DNS 80.67.169.40"' >> /etc/openvpn/server.conf + echo 'push "dhcp-option DNS 80.67.169.12"' >> /etc/openvpn/server.conf ;; 4) #DNS.WATCH echo 'push "dhcp-option DNS 84.200.69.80"' >> /etc/openvpn/server.conf From 501f8a9b36d66659866d773d6eb7a6abf7e66579 Mon Sep 17 00:00:00 2001 From: Angristan Date: Mon, 12 Feb 2018 16:07:37 +0100 Subject: [PATCH 14/18] Use a different client name for new users Just in case the user keeps the default "client" username when installing, reusing "client" will fail. A tiny commit for lazy users. --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4e9f91d..6371602 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -112,7 +112,7 @@ if [[ -e /etc/openvpn/server.conf ]]; then echo "" echo "Tell me a name for the client cert" echo "Please, use one word only, no special characters" - read -p "Client name: " -e -i client CLIENT + read -p "Client name: " -e -i newclient CLIENT cd /etc/openvpn/easy-rsa/ ./easyrsa build-client-full $CLIENT nopass # Generates the custom client.ovpn From febdc04340a3b020afe15e833fab1ea12106522a Mon Sep 17 00:00:00 2001 From: Angristan Date: Tue, 13 Feb 2018 22:38:48 +0100 Subject: [PATCH 15/18] Support Ubuntu 17.10 Fixes #161 --- README.md | 1 + openvpn-install.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 102b95d..6180428 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,7 @@ The script is made to work on these OS and architectures : - **Ubuntu 16.04 LTS** (i386, amd64) - **Ubuntu 16.10** (i386, amd64, armhf, arm64) - **Ubuntu 17.04** (i386, amd64, armhf, arm64) +- **Ubuntu 17.10** (i386, amd64, armhf, arm64) - **Fedora 25** (amd64) - **Fedora 26** (amd64) - **Fedora 27** (amd64) diff --git a/openvpn-install.sh b/openvpn-install.sh index 6371602..7eb5e86 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -25,7 +25,7 @@ if [[ -e /etc/debian_version ]]; then VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID") IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.conf' - if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then + if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]]; then echo "Your version of Debian/Ubuntu is not supported." echo "I can't install a recent version of OpenVPN on your system." echo "" From f252614a365ccb8b4a08339af3f77443aa69c0b3 Mon Sep 17 00:00:00 2001 From: Kcchouette Date: Wed, 14 Feb 2018 14:48:36 +0100 Subject: [PATCH 16/18] Remove unsupported version of ubuntu (#163) * Remove unsupported version of ubuntu Remove 12.04 as the support finished on April 28, 2017 Remove 16.10 as the support finished 2017-07-20 Remove 17.04 as the support finished 2018-01-13 --- README.md | 3 --- openvpn-install.sh | 8 +------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/README.md b/README.md index 6180428..47b0699 100644 --- a/README.md +++ b/README.md @@ -59,11 +59,8 @@ The script is made to work on these OS and architectures : - **Debian 7** (i386, amd64) - **Debian 8** (i386, amd64) - **Debian 9** (i386, amd64, armhf, arm64) -- **Ubuntu 12.04 LTS** (i386, amd64) - **Ubuntu 14.04 LTS** (i386, amd64) - **Ubuntu 16.04 LTS** (i386, amd64) -- **Ubuntu 16.10** (i386, amd64, armhf, arm64) -- **Ubuntu 17.04** (i386, amd64, armhf, arm64) - **Ubuntu 17.10** (i386, amd64, armhf, arm64) - **Fedora 25** (amd64) - **Fedora 26** (amd64) diff --git a/openvpn-install.sh b/openvpn-install.sh index 7eb5e86..d2c56ba 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -25,7 +25,7 @@ if [[ -e /etc/debian_version ]]; then VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID") IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.conf' - if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="12.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.10"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]]; then + if [[ "$VERSION_ID" != 'VERSION_ID="7"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.10"' ]]; then echo "Your version of Debian/Ubuntu is not supported." echo "I can't install a recent version of OpenVPN on your system." echo "" @@ -340,12 +340,6 @@ else wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add - apt update fi - # Ubuntu 12.04 - if [[ "$VERSION_ID" = 'VERSION_ID="12.04"' ]]; then - echo "deb http://build.openvpn.net/debian/openvpn/stable precise main" > /etc/apt/sources.list.d/openvpn.list - wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add - - apt-get update - fi # Ubuntu 14.04 if [[ "$VERSION_ID" = 'VERSION_ID="14.04"' ]]; then echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" > /etc/apt/sources.list.d/openvpn.list From 687eb9019da57cee4c69b9903c9a2129563353c9 Mon Sep 17 00:00:00 2001 From: Angristan Date: Thu, 22 Feb 2018 21:47:35 +0100 Subject: [PATCH 17/18] Fix Fedora detection Fixes #168 --- openvpn-install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index d2c56ba..4f178ef 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -40,7 +40,11 @@ if [[ -e /etc/debian_version ]]; then exit 4 fi fi -elif [[ -e /etc/centos-release || -e /etc/redhat-release || -e /etc/system-release && ! -e /etc/fedora-release ]]; then +elif [[ -e /etc/fedora-release ]]; then + OS=fedora + IPTABLES='/etc/iptables/iptables.rules' + SYSCTL='/etc/sysctl.d/openvpn.conf' +elif [[ -e /etc/centos-release || -e /etc/redhat-release || -e /etc/system-release ]]; then OS=centos IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.conf' @@ -48,10 +52,6 @@ elif [[ -e /etc/arch-release ]]; then OS=arch IPTABLES='/etc/iptables/iptables.rules' SYSCTL='/etc/sysctl.d/openvpn.conf' -elif [[ -e /etc/fedora-release ]]; then - OS=fedora - IPTABLES='/etc/iptables/iptables.rules' - SYSCTL='/etc/sysctl.d/openvpn.conf' else echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system" exit 4 From 42f6553dcc2f6ca67cecaef9516ac621d10980e3 Mon Sep 17 00:00:00 2001 From: Angristan Date: Sun, 25 Feb 2018 17:37:03 +0100 Subject: [PATCH 18/18] Add GPG dependency --- openvpn-install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-install.sh b/openvpn-install.sh index 4f178ef..54aacdf 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -326,7 +326,7 @@ else read -n1 -r -p "Press any key to continue..." if [[ "$OS" = 'debian' ]]; then - apt-get install ca-certificates -y + apt-get install ca-certificates gpg -y # We add the OpenVPN repo to get the latest version. # Debian 7 if [[ "$VERSION_ID" = 'VERSION_ID="7"' ]]; then