diff --git a/build_key-pass.sh b/build_key-pass.sh index 09b7f4a..9b50350 100755 --- a/build_key-pass.sh +++ b/build_key-pass.sh @@ -523,6 +523,10 @@ if [[ -n "$SERVER_CIPHER" ]]; then cat <> "$_client_conf_file" 2>> "$log_file" cipher $SERVER_CIPHER EOF +else + cat <> "$_client_conf_file" 2>> "$log_file" +cipher BF-CBC +EOF fi cat <> "$_client_conf_file" 2>> "$log_file" @@ -541,6 +545,21 @@ fi cat <> ${_client_conf_file} 2>> "$log_file" +# --auth-nocache +# +# Don't cache --askpass or --auth-user-pass username/passwords in +# virtual memory. +# If specified, this directive will cause OpenVPN to immediately forget +# username/password inputs after they are used. As a result, when OpenVPN +# needs a username/password, it will prompt for input from stdin, which may +# be multiple times during the duration of an OpenVPN session. +# +# When using --auth-nocache in combination with a user/password file +# and --chroot or --daemon, make sure to use an absolute path. +# +# +auth-nocache + # Verbosity level. # 0 -- quiet except for fatal errors. # 1 -- mostly quiet, but display non-fatal network errors. diff --git a/create_key_config.sh b/create_key_config.sh index b5a8ff3..dcdfa3e 100755 --- a/create_key_config.sh +++ b/create_key_config.sh @@ -179,7 +179,7 @@ else fi -[[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="" +[[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="BF-CBC" if [[ -z "$LZO_COMPRESSION" ]]; then LZO_COMPRESSION=true elif $LZO_COMPRESSION ; then @@ -505,6 +505,10 @@ if [[ -n "$SERVER_CIPHER" ]]; then cat <> "$_client_conf_file" 2>> "$log_file" cipher $SERVER_CIPHER EOF +else + cat <> "$_client_conf_file" 2>> "$log_file" +cipher BF-CBC +EOF fi cat <> "$_client_conf_file" 2>> "$log_file" 
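Review bot: The new `else` branch in build_key-pass.sh (hunk at -523) hard-codes `cipher BF-CBC` as the fallback, and the same literal is added again in create_key_config.sh at -179 and -505. BF-CBC is a 64-bit block cipher, so long-lived tunnels are exposed to birthday-bound (Sweet32-style) collisions, and recent OpenVPN releases have dropped it from the default negotiated cipher set. If the intent is only to pin the historical implicit default for servers that set no cipher, I would say so and keep the value in one place per script, e.g. `readonly DEFAULT_CIPHER="BF-CBC"  # legacy default; change together with the server config`, then emit `cipher $DEFAULT_CIPHER`. Moving the default to an AES-GCM cipher is the better end state, but it has to be coordinated with the server side. The enclosing `if` starts outside the hunk.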
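Review bot: `auth-nocache` is now written unconditionally into every generated client config in build_key-pass.sh (hunk at -541; the identical hunk is in create_key_config.sh at -523), with no variable to switch it off per client. The copied man-page text already says the client re-prompts on stdin, but not the operational consequence. A client started as a service without a console probably cannot answer that prompt at renegotiation, so those profiles need credentials supplied from a file. I would add one line to the comment, `# Clients without a console must supply credentials from a file (absolute path).`, and drop the two empty `#` lines before the directive. The heredoc holding this text opens and closes outside the hunk, so whether its delimiter is quoted cannot be checked from here.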
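Review bot: In create_key_config.sh (hunk at -179) the value `none` is rewritten to `BF-CBC` with no explanation, yet `none` is itself a valid OpenVPN cipher setting that turns data-channel encryption off. A reader cannot tell whether `none` here means "the server config has no cipher directive" or "the server really runs `cipher none`", and in the second case the client would now be configured differently from the server. A comment above the line would settle it, for example `# "none" = no cipher directive found in the server config; fall back to the legacy default` (presumably the intent; please confirm). With the `else` added at -505, an empty `SERVER_CIPHER` also ends up as BF-CBC, so the two paths overlap. Writing this line as a plain `if … then … fi` would also read more clearly than the `[[ … ]] && VAR=…` form.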
@@ -523,6 +527,21 @@ fi cat <> ${_client_conf_file} 2>> "$log_file" +# --auth-nocache +# +# Don't cache --askpass or --auth-user-pass username/passwords in +# virtual memory. +# If specified, this directive will cause OpenVPN to immediately forget +# username/password inputs after they are used. As a result, when OpenVPN +# needs a username/password, it will prompt for input from stdin, which may +# be multiple times during the duration of an OpenVPN session. +# +# When using --auth-nocache in combination with a user/password file +# and --chroot or --daemon, make sure to use an absolute path. +# +# +auth-nocache + # Verbosity level. # 0 -- quiet except for fatal errors. # 1 -- mostly quiet, but display non-fatal network errors.