OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-10 05:59:10 +08:00
Code Issues Packages Projects Releases Wiki Activity

Use AES ciphers in our sample configuration files and add a few modern 2.4 examples

Browse Source 
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: 1468314848-11820-1-git-send-email-arne@rfc2549.org
URL: http://www.mail-archive.com/search?l=mid&q=1468314848-11820-1-git-send-email-arne@rfc2549.org
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit 6d036ebc221d933c0751107cea9efe4692c9d559)
This commit is contained in:
Arne Schwabe 2016-07-12 11:14:08 +02:00 committed by David Sommerseth
parent 57294aaafc
commit 0b47074726
4 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sample/sample-config-files/client.conf
View File

@ -110,12 +110,16 @@ remote-cert-tls server
# Select a cryptographic cipher. # Select a cryptographic cipher.
# If the cipher option is used on the server # If the cipher option is used on the server
# then you must also specify it here. # then you must also specify it here.
;cipher x # Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link. # Enable compression on the VPN link.
# Don't enable this unless it is also # Don't enable this unless it is also
# enabled in the server config file. # enabled in the server config file.
comp-lzo #comp-lzo
# Set log file verbosity. # Set log file verbosity.
verb 3 verb 3

21
sample/sample-config-files/server.conf
View File

@ -246,14 +246,21 @@ keepalive 10 120
# Select a cryptographic cipher. # Select a cryptographic cipher.
# This config item must be copied to # This config item must be copied to
# the client config file as well. # the client config file as well.
;cipher BF-CBC # Blowfish (default) # Note that 2.4 client/server will automatically
;cipher AES-128-CBC # AES # negotiate AES-256-GCM in TLS mode.
;cipher DES-EDE3-CBC # Triple-DES # See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link. # Enable compression on the VPN link and push the
# option to the client (2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also # If you enable it here, you must also
# enable it in the client config file. # enable it in the client config file.
comp-lzo ;comp-lzo
# The maximum number of concurrently connected # The maximum number of concurrently connected
# clients we want to allow. # clients we want to allow.
@ -302,3 +309,7 @@ verb 3
# sequential messages of the same message # sequential messages of the same message
# category will be output to the log. # category will be output to the log.
;mute 20 ;mute 20
# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1

3
sample/sample-config-files/static-home.conf
View File

@ -26,6 +26,9 @@ up ./home.up
# Our pre-shared static key # Our pre-shared static key
secret static.key secret static.key
# Cipher to use
cipher AES-256-CBC
# OpenVPN 2.0 uses UDP port 1194 by default # OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04). # (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default. # OpenVPN 1.x uses UDP port 5000 by default.

3
sample/sample-config-files/static-office.conf
View File

@ -23,6 +23,9 @@ up ./office.up
# Our pre-shared static key # Our pre-shared static key
secret static.key secret static.key
# Cipher to use
cipher AES-256-CBC
# OpenVPN 2.0 uses UDP port 1194 by default # OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04). # (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default. # OpenVPN 1.x uses UDP port 5000 by default.