install/openvpn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add auth-nocache. Set cipher to BF-CBC if no is specified.

Browse Source
This commit is contained in:
Christoph 2018-07-02 12:46:27 +02:00
parent da6749458e
commit b5ba1301d8
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
build_key-pass.sh
View File

@ -523,6 +523,10 @@ if [[ -n "$SERVER_CIPHER" ]]; then
cat <<EOF >> "$_client_conf_file" 2>> "$log_file" cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
cipher $SERVER_CIPHER cipher $SERVER_CIPHER
EOF EOF
else
cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
cipher BF-CBC
EOF
fi fi
cat <<EOF >> "$_client_conf_file" 2>> "$log_file" cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
@ -541,6 +545,21 @@ fi
cat <<EOF >> ${_client_conf_file} 2>> "$log_file" cat <<EOF >> ${_client_conf_file} 2>> "$log_file"
# --auth-nocache
#
# Don't cache --askpass or --auth-user-pass username/passwords in
# virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget
# username/password inputs after they are used. As a result, when OpenVPN
# needs a username/password, it will prompt for input from stdin, which may
# be multiple times during the duration of an OpenVPN session.
#
# When using --auth-nocache in combination with a user/password file
# and --chroot or --daemon, make sure to use an absolute path.
#
#
auth-nocache
# Verbosity level. # Verbosity level.
# 0 -- quiet except for fatal errors. # 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors. # 1 -- mostly quiet, but display non-fatal network errors.

21
create_key_config.sh
View File

@ -179,7 +179,7 @@ else
fi fi
[[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="" [[ "${SERVER_CIPHER,,}" = "none" ]] && SERVER_CIPHER="BF-CBC"
if [[ -z "$LZO_COMPRESSION" ]]; then if [[ -z "$LZO_COMPRESSION" ]]; then
LZO_COMPRESSION=true LZO_COMPRESSION=true
elif $LZO_COMPRESSION ; then elif $LZO_COMPRESSION ; then
@ -505,6 +505,10 @@ if [[ -n "$SERVER_CIPHER" ]]; then
cat <<EOF >> "$_client_conf_file" 2>> "$log_file" cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
cipher $SERVER_CIPHER cipher $SERVER_CIPHER
EOF EOF
else
cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
cipher BF-CBC
EOF
fi fi
cat <<EOF >> "$_client_conf_file" 2>> "$log_file" cat <<EOF >> "$_client_conf_file" 2>> "$log_file"
@ -523,6 +527,21 @@ fi
cat <<EOF >> ${_client_conf_file} 2>> "$log_file" cat <<EOF >> ${_client_conf_file} 2>> "$log_file"
# --auth-nocache
#
# Don't cache --askpass or --auth-user-pass username/passwords in
# virtual memory.
# If specified, this directive will cause OpenVPN to immediately forget
# username/password inputs after they are used. As a result, when OpenVPN
# needs a username/password, it will prompt for input from stdin, which may
# be multiple times during the duration of an OpenVPN session.
#
# When using --auth-nocache in combination with a user/password file
# and --chroot or --daemon, make sure to use an absolute path.
#
#
auth-nocache
# Verbosity level. # Verbosity level.
# 0 -- quiet except for fatal errors. # 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors. # 1 -- mostly quiet, but display non-fatal network errors.