diff --git a/bin/setup-vpn.sh b/bin/setup-vpn.sh
index feb12fa03a1fa6f65444c6abded2b50961dc273e..2dc19c398e45ef6c2d4d336376a7a1abc89cbb5c 100755
--- a/bin/setup-vpn.sh
+++ b/bin/setup-vpn.sh
@@ -67,6 +67,22 @@ export KEY_ALTNAMES="DNS:$CONCENTRATOR"
 mkdir -p $KEY_DIR
 cd $EASY_RSA
+#
+# Setup some openvpn config file lines from our parameters.
+#
+CONFIG_COMPRESS="comp-lzo no"
+if [ "$DO_COMPRESSION" = "1" ]; then
+ CONFIG_COMPRESS="comp-lzo yes"
+elif [ -n "$DO_COMPRESSION" ]; then
+ CONFIG_COMPRESS="comp-lzo $DO_COMPRESSION"
+fi
+CONFIG_CRYPT="cipher none"
+if [ "$DO_ENCRYPTION" = "1" ]; then
+ CONFIG_CRYPT="cipher AES-128-CBC"
+elif [ -n "$DO_ENCRYPTION" ]; then
+ CONFIG_CRYPT="cipher $DO_ENCRYPTION"
+fi
+
 if [ ! -f $OURDIR/vpn-server-done ]; then
 # Handle the case on Ubuntu18 where easy-rsa is broken for openssl 1.1.0
 # (https://github.com/OpenVPN/easy-rsa/issues/159)
@@ -119,7 +135,8 @@ client-config-dir /etc/openvpn/ccd
 ;client-to-client
 ;duplicate-cn
 keepalive 10 120
-comp-lzo
+$CONFIG_COMPRESS
+$CONFIG_CRYPT
 persist-key
 persist-tun
 status openvpn-status.log
@@ -237,7 +254,8 @@ ca ca.crt
 cert $node.crt
 key $node.key
 ns-cert-type server
-comp-lzo
+$CONFIG_COMPRESS
+$CONFIG_CRYPT
 verb 3
 route-up "/etc/openvpn/$node-route-up.sh"
 route-pre-down "/etc/openvpn/$node-route-pre-down.sh"
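Review bot: In the added `CONFIG_CRYPT` block (first hunk) an unset or empty `DO_ENCRYPTION` yields `cipher none`, so the tunnel runs without confidentiality unless the caller opts in. The old config lines visible in the later hunks carried no `cipher` directive, so they presumably used OpenVPN's built-in default. A value of `0` falls into the `elif` branch and produces `cipher 0` (likewise `comp-lzo 0` for `DO_COMPRESSION`), which OpenVPN should reject at startup, and any other value is copied into the config file unchecked. I would make plaintext an explicit choice, map `0` to the off setting and restrict the pass-through value to cipher-name characters, as sketched below; the same `0` mapping applies to the compression block.

```shell
# … unchanged: CONFIG_COMPRESS setup …
case "$DO_ENCRYPTION" in
    ""|1) CONFIG_CRYPT="cipher AES-128-CBC" ;;
    0)    CONFIG_CRYPT="cipher none" ;;
    *[!A-Za-z0-9-]*)
          echo "setup-vpn: invalid DO_ENCRYPTION value" >&2
          exit 1 ;;
    *)    CONFIG_CRYPT="cipher $DO_ENCRYPTION" ;;
esac
```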
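Review bot: In the server config (second hunk) `$CONFIG_COMPRESS` and `$CONFIG_CRYPT` are emitted independently, so `DO_COMPRESSION=1` together with a real cipher writes `comp-lzo yes` next to `cipher AES-128-CBC`. Compressing before encrypting lets ciphertext length reveal plaintext whenever an attacker can influence part of the tunnelled traffic (the VORACLE class of attacks). The combination deserves at least a comment where the two variables are set, for example `# NOTE: enabling compression together with a cipher leaks plaintext through packet length; keep comp-lzo off unless the tunnel is unencrypted or fully trusted`. The surrounding config text starts and ends outside this hunk.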
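Review bot: The client config (third hunk) takes `$CONFIG_COMPRESS` and `$CONFIG_CRYPT` from the current run, while the server config in the second hunk appears to be written only once, under the `vpn-server-done` guard visible in the first hunk. If that reading is right, a later run with a different `DO_ENCRYPTION` or `DO_COMPRESSION` gives new clients settings that disagree with the running server, and the tunnel either fails or depends on whatever the peers negotiate. Consider saving the chosen values next to the `vpn-server-done` marker and reusing them when generating client configs, or at least add a comment that both parameters must stay constant once the server has been set up. The client config block continues outside this hunk.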