install/openvpn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Some security changes/hints.

Browse Source
This commit is contained in:
Christoph
2018-03-09 03:29:59 +01:00
parent b798216aa5
commit 267cb8f1f5
3 changed files with 24 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
build_key-pass.sh
View File

@@ -462,13 +462,17 @@ cat << EOF >> "$_client_conf_file" 2> $log_file
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-serve
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
#
# Note!
# This option has been deprecated since version 2.4 and
# will be removed from later distributions.
# The option "ns-cert-type" has been deprecated since
# version 2.4 and will be removed from later distributions.
#
# Use the modern equivalent "remote-cert-tls"
#
;ns-cert-type server
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
@@ -508,7 +512,7 @@ EOF
if [[ -n "$SERVER_CIPHER" ]]; then
cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
cipher AES-256-CBC
cipher $SERVER_CIPHER
EOF
fi