diff --git a/build_key-pass.sh b/build_key-pass.sh index da8bf6a..1a888a1 100755 --- a/build_key-pass.sh +++ b/build_key-pass.sh @@ -462,13 +462,17 @@ cat << EOF >> "$_client_conf_file" 2> $log_file # # To use this feature, you will need to generate # your server certificates with the nsCertType -# field set to "server". The build-key-serve +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. # # Note! -# This option has been deprecated since version 2.4 and -# will be removed from later distributions. +# The option "ns-cert-type" has been deprecated since +# version 2.4 and will be removed from later distributions. # +# Use the modern equivalent "remote-cert-tls" +# ;ns-cert-type server +remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. @@ -508,7 +512,7 @@ EOF if [[ -n "$SERVER_CIPHER" ]]; then cat <> "$_client_conf_file" 2>> "$log_file" -cipher AES-256-CBC +cipher $SERVER_CIPHER EOF fi diff --git a/create_key_config.sh b/create_key_config.sh index f172a45..fce9680 100755 --- a/create_key_config.sh +++ b/create_key_config.sh @@ -446,13 +446,17 @@ cat << EOF >> "$_client_conf_file" 2> $log_file # # To use this feature, you will need to generate # your server certificates with the nsCertType -# field set to "server". The build-key-serve +# field set to "server". The build-key-server +# script in the easy-rsa folder will do this. # # Note! -# This option has been deprecated since version 2.4 and -# will be removed from later distributions. +# The option "ns-cert-type" has been deprecated since +# version 2.4 and will be removed from later distributions. # -#ns-cert-type server +# Use the modern equivalent "remote-cert-tls" +# +;ns-cert-type server +remote-cert-tls server # If a tls-auth key is used on the server # then every client must also have the key. 
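Review bot: The comment block above the new `remote-cert-tls server` line in build_key-pass.sh still explains the check only in terms of the nsCertType field, which is what the now-disabled `ns-cert-type` tested. `remote-cert-tls server` instead requires the peer certificate to carry the key usage and extended key usage of a TLS server, so a client built from this template will refuse a server whose certificate lacks them (possible with certificates issued by an older or hand-rolled CA; verify against the CA in use). I would add a line such as `# remote-cert-tls requires the server certificate to carry the TLS server key usage / extended key usage.` next to the directive. The same applies to the matching hunk in create_key_config.sh. The heredoc begins and ends outside the hunk.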
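Review bot: `cipher $SERVER_CIPHER` is expanded inside the heredoc with only the `-n` test in front of it, so whatever string the variable holds is written into the client configuration verbatim. A value containing whitespace or a newline would put extra tokens or whole directives into the generated file, and a misspelt cipher name only surfaces when OpenVPN refuses the config. Validate the value once where it is set, for example `[[ "$SERVER_CIPHER" =~ ^[A-Za-z0-9-]+$ ]] || { echo "invalid cipher name" >&2; exit 1; }`, or compare it with the names listed by `openvpn --show-ciphers`. The same line is added in create_key_config.sh and in the server template in install_openvpn.sh. The assignment of SERVER_CIPHER is not visible in these hunks, so an existing check elsewhere cannot be ruled out.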
@@ -492,7 +496,7 @@ EOF if [[ -n "$SERVER_CIPHER" ]]; then cat <> "$_client_conf_file" 2>> "$log_file" -cipher AES-256-CBC +cipher $SERVER_CIPHER EOF fi diff --git a/install_openvpn.sh b/install_openvpn.sh index 3805a35..e188b05 100755 --- a/install_openvpn.sh +++ b/install_openvpn.sh @@ -500,6 +500,12 @@ echo "" echo "Note: if setting this parameter at the server configuration, this parameter *must'" echo " also set this parameter at client configuration" echo "" +echo " cipher BF-CBC # Blowfish (default)" +echo " cipher AES-128-CBC # AES 128Bit" +echo " cipher AES-256-CBC # AES 256Bit" +echo " cipher DES-EDE3-CBC # Triple-DES" +echo " ..." +echo "" echo -e "Type \"\033[33mNone\033[m\" if no default cipher should be set." echo "" SERVER_CIPHER="" @@ -1736,7 +1742,7 @@ EOF if [[ -n "$SERVER_CIPHER" ]]; then cat <> ${_server_conf_file} 2>> "$log_file" -cipher AES-256-CBC +cipher $SERVER_CIPHER EOF fi
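Review bot: The cipher list printed by the new `echo` lines in install_openvpn.sh offers BF-CBC and DES-EDE3-CBC without any warning and lists no AEAD cipher. Both use a 64-bit block and are exposed to birthday-bound (SWEET32) attacks on long-lived tunnels, so the prompt should mark them as legacy, e.g. `echo " cipher BF-CBC # Blowfish (legacy 64-bit block, not recommended)"` and the same wording for Triple-DES. If the installed OpenVPN is 2.4 or later, as the deprecation comment in the client templates suggests, also list `echo " cipher AES-256-GCM # AES 256Bit, AEAD"`. The "(default)" label on BF-CBC is true only for older releases and should be confirmed against the version this script installs.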