> hi,
> On Wed, Dec 27, 2023 at 09:48:34AM +0000, Jason Long via Openvpn-users wrote:
> >My server and client configurations are as follows:
>
> >https://paste.mozilla.org/sR05JKfV
>
> >https://paste.mozilla.org/PxsW6MC8
>
> >Are these suitable in terms of security? Do you have any suggestions to
> >improve them?
>
> No idea?
> You have asked questions like this before, and the answer you got was
> "use the defaults + tls-crypt, these are reasonable". So this is still
> the answer.
> OTOH, I'm just too lazy to click on some random URLs in mails, and possibly
> copy-back lines I want to comment on - so if you expect me to answer a
> question (without paying me to), the question needs to be in the mail, not
> causing extra effort for me.
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
> Gert Doering - Munich, Germany g...@greenie.muc.de

Hi,
Sure.

Server config is:

port 2023
proto udp
dev tun1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/H_Server.crt
key /etc/openvpn/server/H_Server.key
dh /etc/openvpn/server/dh.pem
server 20.20.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 172.20.1.2"
push "dhcp-option DNS 172.20.1.7"
push "route 172.20.0.0 255.255.255.0"
topology subnet
keepalive 10 120
tls-crypt /etc/openvpn/server/ta.key 0
cipher AES-256-GCM
data-ciphers AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

Client config is:

client
dev tun1
proto udp
remote IP 2023
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
data-ciphers AES-256-GCM
cipher AES-256-GCM
verb 3
<ca>
# Ca.crt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
# Client.crt
Certificate: ...
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
# Client.key
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
# Ta.key
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
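
An added example, not written by anyone in this thread: a small Python checker that parses OpenVPN configs like the two posted above (including inline `<tag>` blocks) and reports a few items worth a second look. The rule set, function names and trimmed sample configs are assumptions made for illustration, not an official OpenVPN checklist.

```python
import ipaddress
import re
import shlex

# Constructed samples: trimmed copies of the two configs posted above.
SERVER_CONF = """\
server 20.20.0.0 255.255.255.0
tls-crypt /etc/openvpn/server/ta.key 0
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
"""
CLIENT_CONF = """\
client
remote-cert-tls server
<tls-crypt>
</tls-crypt>
"""

def parse(text):
    """Return {directive: [args, ...]}; an inline <tag> block counts as 'tag'."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                        # inside <tag>...</tag>: skip key material
            if line == f"</{inline}>":
                inline = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline = m.group(1)
            directives.setdefault(inline, []).append(["[inline]"])
        elif line and not line.startswith((";", "#")):
            name, *args = shlex.split(line, comments=True)
            directives.setdefault(name, []).append(args)
    return directives

def review(text, role):
    """role is 'server' or 'client'; returns findings from a hypothetical rule set."""
    d, out = parse(text), []
    if "tls-crypt" not in d:              # the advice quoted in the thread
        out.append("no tls-crypt key")
    if role == "client" and ["server"] not in d.get("remote-cert-tls", []):
        out.append("client does not check the peer cert type (remote-cert-tls server)")
    for net, mask, *_ in d.get("server", []):
        if not ipaddress.ip_network(f"{net}/{mask}", strict=False).is_private:
            out.append(f"tunnel subnet {net} is not private address space")
    if "log" in d and "log-append" in d:
        out.append("both log and log-append are set")
    return out
```

Call `review(open(path).read(), "server")` or `"client"` on a full config file; an empty list means none of these particular checks fired, not that the config has been audited.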