install_openvpn.sh: generate Diffie-Hellman 4096-bit Key using the -dsaparam option to decrease generation time by avoiding strong prime effort - Strong primes provide little to no security benefit but take a lot of effort to produce.

2020-03-08 14:36:31 +01:00 · 2020-03-08 14:36:31 +01:00 · 5f73003638
commit 5f73003638
parent 7e0e60cc9c
1 changed files with 4 additions and 2 deletions
--- a/install_openvpn.sh
+++ b/install_openvpn.sh
@ -1619,7 +1619,8 @@ fi
 echononl "   Generates DH (Diffie-Hellman) parameters (dh key).."
 if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
   if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
-      cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
+      #cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
      openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" ${KEY_SIZE} > "$log_file" 2>&1
   else
 	   ${EASY_RSA_DIR}/build-dh > "$log_file" 2>&1
   fi
@ -1634,7 +1635,8 @@ else
   if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
      cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1
   else
-	   ${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
+	   #${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
      openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1
   fi
   if [[ $? -eq 0 ]] ; then
      echo_ok