Hello, Looking at pivpn how do I do the install, but change the key from 256 bit to 512 bit? I tried manually getting the file from git, editing and running it and it bombed out, curve error.
Thanks. Dave. On 7/1/21, David Mehler <dave.meh...@gmail.com> wrote: > Hello, > > Thanks, I've looked at pivpn and it looks good, how do I customize my > ecc keys for 512 bit instead of 254 bit and how do I get aes256-gcm > instead of aes256-cbc? > > The network will be 10.x.x.x/8 for vpn clients but I want connecting > clients to use the openvpn server as there point of internet > connectivity and to fail out if they don't, is this customizable? I'm > not seeing it on the main pivpn.io page? > > Thanks. > Dave. > > > On 7/1/21, tincantech <tincant...@protonmail.com> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Hi, >> >> all you basically need can be found at pivpn.io >> >> >> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >> >> On Saturday, June 26th, 2021 at 19:49, David Mehler >> <dave.meh...@gmail.com> >> wrote: >> >>> Hello, >>> >>> I'm wanting to set up an OpenVPN external client to an internal >>> >>> OpenVPN server. I've got an Orbi mesh system and I've updated it to >>> >>> the latest firmware. What I'm not liking about the Orbi is it's not >>> >>> using strong protocols and ciphers, specifically a gcm cipher and >>> >>> hardening the configuration of the OpenVPN server and connecting >>> >>> external clients. So I'm wanting to set up an internal OpenVPN server >>> >>> that I can forward UDP port 1194 to when the external client wants to >>> >>> access. The OpenVPN server is running on a Raspberry Pi 4 running >>> >>> Raspbian Buster I believe. >>> >>> I'd like to get it going to hav all of the information in to a single >>> >>> configuration file so I only have to distribute one file vs a separate >>> >>> certificate/key/tls certificate. I'm thinking from reading the docs >>> >>> that i'd like to also add to this file a tls-crypt section as that has >>> >>> the edge over the tls-auth. >>> >>> Does anyone have a howto with 2.5 which will get this going? My >>> >>> openssl version on the Pi is version 1.1.something d I think. >>> >>> Thanks. >>> >>> Dave. >>> >>> Openvpn-users mailing list >>> >>> Openvpn-users@lists.sourceforge.net >>> >>> https://lists.sourceforge.net/lists/listinfo/openvpn-users >> -----BEGIN PGP SIGNATURE----- >> Version: ProtonMail >> >> wsBzBAEBCAAGBQJg3hMPACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec >> 9muQuJ1Tcwf+NnSBlTBJxS6dxeqxhPxlQHquEfWXLYY9A/eB0EcFYkToVjVv >> 11R5NWGpYUcWEOUuwIP8IPQyVTXAEK9KJvoYCIq0unKwuuN8wPDUUPTsjwLF >> JdjP7LAqU+SVdR2ZiEW89xSWunew+xyfcKl9kl97cqp/8ESOcauTuq24bgSY >> rCdhivrcE+TSOiawgTmLp+Kx4godc+i9KMsapPgpmVZAnzBXLulxVICzYbjh >> pSKp+fvFPyXpueoxIt72l74uzzLY1jhKETCV29aOp9ZFtiI1krZWdOnOI6pb >> d25uNJp63emW4YCS+IzBMW89UGjO852uAro9b/Gir4y0wWzNEy40Cg== >> =3abd >> -----END PGP SIGNATURE----- >> > _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
