From 5f730036381986a246643c98b802d766af17cbf3 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 8 Mar 2020 14:36:31 +0100
Subject: [PATCH] install_openvpn.sh: generate Diffie-Hellman 4096-bit Key using the -dsaparam option to decrease generation time by avoiding strong prime effort - Strong primes provide little to no security benefit but take a lot of effort to produce.
---
 install_openvpn.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/install_openvpn.sh b/install_openvpn.sh
index 4b91a9b..5306691 100755
--- a/install_openvpn.sh
+++ b/install_openvpn.sh
@@ -1619,7 +1619,8 @@ fi
 echononl " Generates DH (Diffie-Hellman) parameters (dh key).."
 if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
 if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
- cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
+ #cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
+ openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" ${KEY_SIZE} > "$log_file" 2>&1
 else
 ${EASY_RSA_DIR}/build-dh > "$log_file" 2>&1
 fi
@@ -1634,7 +1635,8 @@ else
 if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
 cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1
 else
- ${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
+ #${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
+ openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1
 fi
 if [[ $? -eq 0 ]] ; then
 echo_ok
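Review bot: `-dsaparam` on the added `openssl dhparam` line produces DSA-style parameters whose prime is not a safe prime, and the OpenSSL documentation for this option warns that a fresh DH key should then be created for each use to avoid small-subgroup attacks; the same option is added in the second hunk. The commit message's remark about strong primes reads like the usual argument about RSA primes and does not address that subgroup property, so the trade-off should be recorded next to the call, e.g. `# -dsaparam: fast, but p is not a safe prime; only sound while DH keys are ephemeral`. In this hunk the call also sits in the branch where `${script_dir}/dh${KEY_SIZE}.pem` exists, so the shipped file is now ignored while the slow `${EASY_RSA_DIR}/build-dh` still runs when it is missing, which is the reverse of the second hunk; keeping the `cp` and replacing `build-dh` in the `else` branch would match. The outer `if` on the Debian version opens in this hunk and closes outside it.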
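Review bot: `${KEY_SIZE}` is passed unquoted and unchecked to `openssl dhparam` on the added line, so an empty value would let openssl fall back to its built-in default size instead of the 4096 bits the subject promises; where KEY_SIZE is assigned is not visible in this hunk. Writing the argument as `"${KEY_SIZE:?}"` makes the script stop with an error in that case. The commented-out `easyrsa gen-dh` line is dead code that the history already preserves and can be dropped; the first hunk's added lines have the same form.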