install_openvpn.sh: generate Diffie-Hellman 4096-bit Key using the -dsaparam option to decrease generation time by avoiding strong prime effort - Strong primes provide little to no security benefit but take a lot of effort to produce.

Christoph 2020-03-08 14:36:31 +01:00
parent 7e0e60cc9c
commit 5f73003638


@ -1619,7 +1619,8 @@ fi
echononl " Generates DH (Diffie-Hellman) parameters (dh key).."
if [[ "$os_dist" = "debian" ]] && [[ $os_version -lt 10 ]] ; then
if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
#cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" > "$log_file" 2>&1
openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh${KEY_SIZE}.pem" ${KEY_SIZE} > "$log_file" 2>&1
else
${EASY_RSA_DIR}/build-dh > "$log_file" 2>&1
fi
@ -1634,7 +1635,8 @@ else
if [[ -f "${script_dir}/dh${KEY_SIZE}.pem" ]]; then
cp "${script_dir}/dh${KEY_SIZE}.pem" "${OPENVPN_KEY_DIR}/dh.pem" > "$log_file" 2>&1
else
${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
#${EASY_RSA_DIR}/easyrsa gen-dh > "$log_file" 2>&1
openssl dhparam -dsaparam -out "${OPENVPN_KEY_DIR}/dh.pem" ${KEY_SIZE} > "$log_file" 2>&1
fi
if [[ $? -eq 0 ]] ; then
echo_ok
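Review bot: In the Debian < 10 hunk the new `openssl dhparam -dsaparam` call appears to replace the `cp` inside the branch taken when `${script_dir}/dh${KEY_SIZE}.pem` exists, so a shipped parameter file is ignored there while the slow `${EASY_RSA_DIR}/build-dh` still runs when the file is absent; the second hunk puts the same call in the `else` branch, which looks like the intended placement. The +/- markers are lost on this page, so this reading rests on the commented-out lines and the hunk counts, and the enclosing `if`/`else` continues outside both hunks. On the security side, `-dsaparam` produces DSA-style parameters rather than a safe prime, and the OpenSSL documentation asks for a fresh DH key per exchange with such parameters to avoid small-subgroup attacks; a comment above each call such as `# -dsaparam: not a safe prime; relies on a fresh DH key per handshake` would record that assumption for whoever later changes the server's TLS settings. `${KEY_SIZE}` is also unquoted in both new lines and should be written `"${KEY_SIZE}"`.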