From 2afa3e3657afc159878ee6939080d3e741882e98 Mon Sep 17 00:00:00 2001
From: Joerg Lehmann
Date: Fri, 28 Oct 2022 18:55:50 +0200
Subject: [PATCH] make it work (UDP/1194) with a Real-Ewon! (lower security levels)
---
 README.md | 8 ++++++++
 config/server.conf | 5 ++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 3a93425..3eef771 100644
--- a/README.md
+++ b/README.md
@@ -40,6 +40,14 @@ Noch ein paar Zusatzpakete:
 # yum install tcpdump -y
 # yum install python3-bcrypt -y
 # yum install tar -y
+
+
+Firewalld disablen (WICHTIG!!!)
+# systemctl disable --now firewalld
+
+Tiefere Sicherheitsstufe, siehe https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
+
+# update-crypto-policies --set LEGACY
 ```
 Wegen Entropy:
diff --git a/config/server.conf b/config/server.conf
index bc1524e..e2a6608 100644
--- a/config/server.conf
+++ b/config/server.conf
@@ -9,7 +9,10 @@ script-security 3
 writepid /var/run/openvpn-server/myopenvpn.pid
 ; ciphers
-tls-cipher "DEFAULT"
+tls-cipher "DEFAULT:@SECLEVEL=0"
+tls-version-min 1.0
+providers legacy default
+data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC
 ; tunnel configuration
 dev tap0
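Review bot: `tls-cipher "DEFAULT:@SECLEVEL=0"` together with `tls-version-min 1.0` in config/server.conf switches off OpenSSL's security-level restrictions on key sizes and signature hashes and accepts TLS 1.0 on the control channel for every peer of this server, not only for the legacy Ewon device named in the subject. Adding `BF-CBC` to `data-ciphers` also makes a 64-bit block cipher negotiable on the data channel. If the device really needs this, confirm the lowest setting that still connects (for example whether `@SECLEVEL=1` is enough), keep `data-ciphers AES-256-GCM:AES-128-GCM` for negotiating clients, and move the legacy cipher to `data-ciphers-fallback BF-CBC`, which applies only to peers without cipher negotiation; that assumes the Ewon is such a peer, which the page does not show. A comment above the block such as `; weakened for legacy Ewon firmware - use only in a dedicated server instance, revert once devices are updated` would record why the downgrade exists and that it should not be copied into other deployments.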