From 0457852f6ffb0ac8454e1ef2102025228771a74a Mon Sep 17 00:00:00 2001
From: Joerg Lehmann <joerg.lehmann@nbit.ch>
Date: Sat, 22 Oct 2022 10:23:10 +0200
Subject: [PATCH] use newer server cert to get rif of @SECLEVEL=0 (at least try
 if it works)

---
 config/server-443.conf | 2 +-
 config/server.conf     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/server-443.conf b/config/server-443.conf
index f847b33..bcd37fe 100644
--- a/config/server-443.conf
+++ b/config/server-443.conf
@@ -9,7 +9,7 @@ script-security 3
 writepid /var/run/openvpn-server/myopenvpn-443.pid
 
 ; ciphers
-tls-cipher "DEFAULT:@SECLEVEL=0"
+tls-cipher "DEFAULT"
 
 ; tunnel configuration
 dev tap1
diff --git a/config/server.conf b/config/server.conf
index 9de9786..bc1524e 100644
--- a/config/server.conf
+++ b/config/server.conf
@@ -9,7 +9,7 @@ script-security 3
 writepid /var/run/openvpn-server/myopenvpn.pid
 
 ; ciphers
-tls-cipher "DEFAULT:@SECLEVEL=0"
+tls-cipher "DEFAULT"
 
 ; tunnel configuration
 dev tap0
@@ -38,8 +38,8 @@ management localhost 6666
 ; certificates and authentication
 dh   /opt/openvpn/private/dh2048.pem
 ca   /opt/openvpn/ca/cacert.pem
-cert /opt/openvpn/certs/hostcert.pem
-key  /opt/openvpn/private/hostkey.pem
+cert /opt/openvpn/certs/ewon.rychiger.com-cert.pem
+key  /opt/openvpn/private/ewon.rychiger.com-key.pem
 verify-client-cert none
 username-as-common-name
 auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env