Merge branch 'master' into openvpn-2.4-update
This commit is contained in:
Angristan
GitHub
commit
15512c9625
2 changed files with 17 additions and 8 deletions
12
README.md
12
README.md
|
|
@ -1,4 +1,5 @@
|
||||||
# OpenVPN-install
|
# OpenVPN-install
|
||||||
|
|
||||||
OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux.
|
OpenVPN installer for Debian, Ubuntu, Fedora, CentOS and Arch Linux.
|
||||||
|
|
||||||
This script will let you setup your own secure VPN server in just a few minutes.
|
This script will let you setup your own secure VPN server in just a few minutes.
|
||||||
|
|
@ -16,10 +17,11 @@ You can get a cheap VPS to run this script at [Vultr](https://goo.gl/Xyd1Sc), [D
|
||||||
|
|
||||||
First, get the script and make it executable :
|
First, get the script and make it executable :
|
||||||
|
|
||||||
```
|
```bash
|
||||||
wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
|
wget https://raw.githubusercontent.com/Angristan/OpenVPN-install/master/openvpn-install.sh
|
||||||
chmod +x openvpn-install.sh
|
chmod +x openvpn-install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
Then run it :
|
Then run it :
|
||||||
|
|
||||||
`./openvpn-install.sh`
|
`./openvpn-install.sh`
|
||||||
|
|
@ -32,9 +34,9 @@ When OpenVPN is installed, you can run the script again, and you will get the ch
|
||||||
- Remove a client
|
- Remove a client
|
||||||
- Uninstall OpenVPN
|
- Uninstall OpenVPN
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Why make a fork ?
|
## The fork
|
||||||
|
|
||||||
This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install).
|
This script is based on the great work of [Nyr and its contributors](https://github.com/Nyr/openvpn-install).
|
||||||
|
|
||||||
|
|
@ -73,6 +75,7 @@ On the client-side, it's less problematic, but if you want to use an OpenVPN ser
|
||||||
|
|
||||||
- ❌ = tested and not compatible
|
- ❌ = tested and not compatible
|
||||||
|
|
||||||
|
|
||||||
(It should also work on Debian unstable/testing and Ubuntu beta).
|
(It should also work on Debian unstable/testing and Ubuntu beta).
|
||||||
|
|
||||||
If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure.
|
If your're using an Ubuntu version that is not supported by the script, be aware that it's not supported by Ubuntu either, thus it's insecure.
|
||||||
|
|
@ -80,6 +83,7 @@ If your're using an Ubuntu version that is not supported by the script, be aware
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
This fork includes the following features :
|
This fork includes the following features :
|
||||||
|
|
||||||
- Every feature of the [original script](https://github.com/Nyr/openvpn-install)
|
- Every feature of the [original script](https://github.com/Nyr/openvpn-install)
|
||||||
- Better encryption, see below
|
- Better encryption, see below
|
||||||
- Better DNS resolvers, see below
|
- Better DNS resolvers, see below
|
||||||
|
|
@ -174,11 +178,13 @@ Convinced ?
|
||||||
|
|
||||||
The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says :
|
The [SWEET32 vulnerability page](https://community.openvpn.net/openvpn/wiki/SWEET32) from OpenVPN's documentation says :
|
||||||
>The following ciphers are affected, and should no longer be used:
|
>The following ciphers are affected, and should no longer be used:
|
||||||
|
|
||||||
- BF-*
|
- BF-*
|
||||||
- DES* (including 3DES variants)
|
- DES* (including 3DES variants)
|
||||||
- RC2-*
|
- RC2-*
|
||||||
|
|
||||||
>The following ciphers are *not* affected:
|
>The following ciphers are *not* affected:
|
||||||
|
|
||||||
- AES-*
|
- AES-*
|
||||||
- CAMELLIA-*
|
- CAMELLIA-*
|
||||||
- SEED-*
|
- SEED-*
|
||||||
|
|
|
||||||
|
|
@ -517,6 +517,8 @@ else
|
||||||
elif [[ "$VERSION_ID" = 'VERSION_ID="9"' ]]; then
|
elif [[ "$VERSION_ID" = 'VERSION_ID="9"' ]]; then
|
||||||
echo "deb http://build.openvpn.net/debian/openvpn/stable stretch main" > /etc/apt/sources.list.d/openvpn.list
|
echo "deb http://build.openvpn.net/debian/openvpn/stable stretch main" > /etc/apt/sources.list.d/openvpn.list
|
||||||
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
|
wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg | apt-key add -
|
||||||
|
apt update
|
||||||
|
fi
|
||||||
# Ubuntu 14.04
|
# Ubuntu 14.04
|
||||||
elif [[ "$VERSION_ID" = 'VERSION_ID="14.04"' ]]; then
|
elif [[ "$VERSION_ID" = 'VERSION_ID="14.04"' ]]; then
|
||||||
echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" > /etc/apt/sources.list.d/openvpn.list
|
echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" > /etc/apt/sources.list.d/openvpn.list
|
||||||
|
|
@ -892,6 +894,7 @@ persist-tun
|
||||||
remote-cert-tls server
|
remote-cert-tls server
|
||||||
verify-x509-name $SERVER_NAME name
|
verify-x509-name $SERVER_NAME name
|
||||||
auth $HMAC_AUTH
|
auth $HMAC_AUTH
|
||||||
|
auth-nocache
|
||||||
$CIPHER
|
$CIPHER
|
||||||
tls-client
|
tls-client
|
||||||
tls-version-min 1.2
|
tls-version-min 1.2
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue