Explizit set cipher, default to 'cipher BF-CBC'.

2018-08-23 16:54:32 +02:00 · 2018-08-23 16:54:32 +02:00 · 851d476bfd
commit 851d476bfd
parent 959b28cf2f
3 changed files with 19 additions and 5 deletions
--- a/build_key-pass.sh
+++ b/build_key-pass.sh
@ -520,9 +520,15 @@ cat << EOF >> "$_client_conf_file"  2> $log_file
 EOF

 if [[ -n "$SERVER_CIPHER" ]]; then
-   cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
+   if [[ "${SERVER_CIPHER,,}" = "none" ]]; then
+      cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
+cipher BF-CBC
+EOF
+   else
+      cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
 cipher $SERVER_CIPHER
 EOF
+   fi
 else
   cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
 cipher BF-CBC
--- a/create_key_config.sh
+++ b/create_key_config.sh
@ -180,6 +180,7 @@ fi


 [[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="BF-CBC"
+[[ "${SERVER_CIPHER,,}" = "" ]] && SERVER_CIPHER="BF-CBC"
 if [[ -z "$LZO_COMPRESSION" ]]; then
   LZO_COMPRESSION=true
 elif $LZO_COMPRESSION ; then
--- a/install_openvpn.sh
+++ b/install_openvpn.sh
@ -181,7 +181,7 @@ DEFAULT_KEY_EMAIL='argus@oopen.de'
 DEFAULT_KEY_ORG='o.open'
 DEFAULT_KEY_OU="Network Services"

-DEFAULT_SERVER_CIPHER="None"
+DEFAULT_SERVER_CIPHER="BF-CBC"
 #DEFAULT_SERVER_CIPHER="AES-256-CBC"


@ -498,7 +498,7 @@ if [[ "X$SERVER_CIPHER" = "X" ]]; then
   SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"
 fi
 if [[ "$(trim ${SERVER_CIPHER,,})" = none ]]; then
-   SERVER_CIPHER=""
+   SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"
 fi

 echo ""
@ -856,13 +856,20 @@ EOF
 fi

 if [[ -n "$SERVER_CIPHER" ]] ; then
-   cat << EOF >> $_openvpn_name_conf_file 2> $log_file
+   if [[ "${SERVER_CIPHER,,}" = "none" ]]; then
+      cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
+cipher BF-CBC
+
+EOF
+   else
+      cat << EOF >> $_openvpn_name_conf_file 2> $log_file
 SERVER_CIPHER="$SERVER_CIPHER"

 EOF
+   fi
 else
   cat << EOF >> $_openvpn_name_conf_file 2> $log_file
-SERVER_CIPHER="none"
+SERVER_CIPHER="$DEFAULT_SERVER_CIPHER"

 EOF
 fi