relax openvpn ciphers

2018-07-05 20:52:24 +02:00 · 2018-07-05 20:52:24 +02:00 · 6fbac592ea
parent c2b17a2e8c
commit 6fbac592ea
18 changed files with 115 additions and 0 deletions
--- a/ccd/010003006012
+++ b/ccd/010003006012
--- a/ccd/010003006036
+++ b/ccd/010003006036
@ -0,0 +1 @@
+ifconfig-push 10.3.6.36 255.255.0.0
--- a/ccd/010003006037
+++ b/ccd/010003006037
@ -0,0 +1 @@
+ifconfig-push 10.3.6.37 255.255.0.0
--- a/ccd/010003006038
+++ b/ccd/010003006038
@ -0,0 +1 @@
+ifconfig-push 10.3.6.38 255.255.0.0
--- a/ccd/010003006039
+++ b/ccd/010003006039
@ -0,0 +1 @@
+ifconfig-push 10.3.6.39 255.255.0.0
--- a/ccd/010003006040
+++ b/ccd/010003006040
@ -0,0 +1 @@
+ifconfig-push 10.3.6.40 255.255.0.0
--- a/ccd/010003006041
+++ b/ccd/010003006041
@ -0,0 +1 @@
+ifconfig-push 10.3.6.41 255.255.0.0
--- a/ccd/010003006042
+++ b/ccd/010003006042
@ -0,0 +1 @@
+ifconfig-push 10.3.6.42 255.255.0.0
--- a/ccd/010003006043
+++ b/ccd/010003006043
@ -0,0 +1 @@
+ifconfig-push 10.3.6.43 255.255.0.0
--- a/ccd/010003006044
+++ b/ccd/010003006044
@ -0,0 +1 @@
+ifconfig-push 10.3.6.44 255.255.0.0
--- a/ccd/010003006045
+++ b/ccd/010003006045
@ -0,0 +1 @@
+ifconfig-push 10.3.6.45 255.255.0.0
--- a/ccd/010003006046
+++ b/ccd/010003006046
@ -0,0 +1 @@
+ifconfig-push 10.3.6.46 255.255.0.0
--- a/ccd/010003006047
+++ b/ccd/010003006047
@ -0,0 +1 @@
+ifconfig-push 10.3.6.47 255.255.0.0
--- a/ccd/010003006048
+++ b/ccd/010003006048
@ -0,0 +1 @@
+ifconfig-push 10.3.6.48 255.255.0.0
--- a/config/server-443.conf
+++ b/config/server-443.conf
@ -8,6 +8,9 @@ client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn-server/myopenvpn-443.pid

+; ciphers
+tls-cipher "DEFAULT"
+
 ; tunnel configuration
 dev tap1
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
--- a/config/server-443.conf.5jul2018
+++ b/config/server-443.conf.5jul2018
@ -0,0 +1,48 @@
+mode server
+daemon
+tls-server
+proto tcp
+port  443
+local 192.168.99.11
+client-config-dir /opt/openvpn/ccd
+script-security 3
+writepid /var/run/openvpn-server/myopenvpn-443.pid
+
+; tunnel configuration
+dev tap1
+server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
+passtos
+comp-lzo
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+; loggin and status
+ifconfig-pool-persist /opt/openvpn/leases/openvpn-443.leases
+status-version 2
+status /opt/openvpn/status/openvpnserver-status-443.log 5;
+verb 3
+client-connect     /opt/openvpn/scripts/logon.sh
+client-disconnect  /opt/openvpn/scripts/logoff.sh
+
+; routing
+;push "route 10.3.0.0 255.255.0.0"
+
+; management 
+management localhost 6667
+
+; certificates and authentication
+dh   /opt/openvpn/private/dh1024.pem
+ca   /opt/openvpn/ca/cacert.pem
+cert /opt/openvpn/certs/hostcert.pem
+key  /opt/openvpn/private/hostkey.pem
+verify-client-cert none
+username-as-common-name
+auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
+;client-to-client
+keepalive 10 60
+max-clients 50
+
+; explicit exit
+push "explicit-exit-notify"
--- a/config/server.conf
+++ b/config/server.conf
@ -8,6 +8,9 @@ client-config-dir /opt/openvpn/ccd
 script-security 3
 writepid /var/run/openvpn-server/myopenvpn.pid

+; ciphers
+tls-cipher "DEFAULT"
+
 ; tunnel configuration
 dev tap0
 server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
--- a/config/server.conf.5jul2018
+++ b/config/server.conf.5jul2018
@ -0,0 +1,48 @@
+mode server
+daemon
+tls-server
+proto udp
+port  1194
+local 192.168.99.11
+client-config-dir /opt/openvpn/ccd
+script-security 3
+writepid /var/run/openvpn-server/myopenvpn.pid
+
+; tunnel configuration
+dev tap0
+server-bridge 10.3.5.1 255.255.0.0 10.3.6.1 10.3.7.254
+passtos
+comp-lzo
+persist-key
+persist-tun
+persist-local-ip
+persist-remote-ip
+
+; loggin and status
+ifconfig-pool-persist /opt/openvpn/leases/openvpn.leases
+status-version 2
+status /opt/openvpn/status/openvpnserver-status.log 5;
+verb 3
+client-connect     /opt/openvpn/scripts/logon.sh
+client-disconnect  /opt/openvpn/scripts/logoff.sh
+
+; routing
+;push "route 10.3.0.0 255.255.0.0"
+
+; management 
+management localhost 6666
+
+; certificates and authentication
+dh   /opt/openvpn/private/dh1024.pem
+ca   /opt/openvpn/ca/cacert.pem
+cert /opt/openvpn/certs/hostcert.pem
+key  /opt/openvpn/private/hostkey.pem
+verify-client-cert none
+username-as-common-name
+auth-user-pass-verify /opt/openvpn/scripts/openvpn-auth.py via-env
+;client-to-client
+keepalive 10 60
+max-clients 50
+
+; explicit exit
+push "explicit-exit-notify"