From f8f016fd6811adec3b64b3c5c8aea15690841f29 Mon Sep 17 00:00:00 2001
From: "David M. Johnson"
Date: Tue, 28 Aug 2018 15:25:17 -0600
Subject: [PATCH] Disable compression and encryption by default.

---
 bin/setup-vpn.sh | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/bin/setup-vpn.sh b/bin/setup-vpn.sh
index feb12fa..2dc19c3 100755
--- a/bin/setup-vpn.sh
+++ b/bin/setup-vpn.sh
@@ -67,6 +67,22 @@ export KEY_ALTNAMES="DNS:$CONCENTRATOR"
 mkdir -p $KEY_DIR
 cd $EASY_RSA
 
+#
+# Setup some openvpn config file lines from our parameters.
+#
+CONFIG_COMPRESS="comp-lzo no"
+if [ "$DO_COMPRESSION" = "1" ]; then
+ CONFIG_COMPRESS="comp-lzo yes"
+elif [ -n "$DO_COMPRESSION" ]; then
+ CONFIG_COMPRESS="comp-lzo $DO_COMPRESSION"
+fi
+CONFIG_CRYPT="cipher none"
+if [ "$DO_ENCRYPTION" = "1" ]; then
+ CONFIG_CRYPT="cipher AES-128-CBC"
+elif [ -n "$DO_ENCRYPTION" ]; then
+ CONFIG_CRYPT="cipher $DO_ENCRYPTION"
+fi
+
 if [ ! -f $OURDIR/vpn-server-done ]; then
 # Handle the case on Ubuntu18 where easy-rsa is broken for openssl 1.1.0
 # (https://github.com/OpenVPN/easy-rsa/issues/159)
@@ -119,7 +135,8 @@ client-config-dir /etc/openvpn/ccd
 ;client-to-client
 ;duplicate-cn
 keepalive 10 120
-comp-lzo
+$CONFIG_COMPRESS
+$CONFIG_CRYPT
 persist-key
 persist-tun
 status openvpn-status.log
@@ -237,7 +254,8 @@ ca ca.crt
 cert $node.crt
 key $node.key
 ns-cert-type server
-comp-lzo
+$CONFIG_COMPRESS
+$CONFIG_CRYPT
 verb 3
 route-up "/etc/openvpn/$node-route-up.sh"
 route-pre-down "/etc/openvpn/$node-route-pre-down.sh"
-- 
GitLab
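Review bot: A value of `0` for either parameter falls into the `elif [ -n ... ]` branch of the first hunk and yields `comp-lzo 0` or `cipher 0`, neither of which is a valid OpenVPN setting, so the natural spelling of "off" breaks the tunnel instead of selecting the default. The same branches copy `$DO_COMPRESSION` and `$DO_ENCRYPTION` verbatim into the generated config, so whitespace or a newline in the value would become extra directives; where these parameters originate is not visible in this hunk, so they should be validated before use. For `DO_ENCRYPTION=1`, `AES-128-CBC` is a non-AEAD mode, and if the installed OpenVPN is 2.4 or later an AEAD cipher such as `AES-256-GCM` would be the better default. A `case` with an explicit allow-list covers the first two points, as sketched below.

```shell
# DO_COMPRESSION: unset/""/0 -> off, 1 -> on, or an explicit comp-lzo mode.
case "$DO_COMPRESSION" in
    ""|0)            CONFIG_COMPRESS="comp-lzo no" ;;
    1)               CONFIG_COMPRESS="comp-lzo yes" ;;
    yes|no|adaptive) CONFIG_COMPRESS="comp-lzo $DO_COMPRESSION" ;;
    *)
        echo "ERROR: unsupported DO_COMPRESSION value" 1>&2
        exit 1 ;;
esac

# DO_ENCRYPTION: unset/""/0 -> cipher none, 1 -> default cipher,
# otherwise a cipher name restricted to letters, digits and '-'.
case "$DO_ENCRYPTION" in
    ""|0) CONFIG_CRYPT="cipher none" ;;
    1)    CONFIG_CRYPT="cipher AES-128-CBC" ;;
    *[!A-Za-z0-9-]*)
        echo "ERROR: unsupported DO_ENCRYPTION value" 1>&2
        exit 1 ;;
    *)    CONFIG_CRYPT="cipher $DO_ENCRYPTION" ;;
esac

# … unchanged: if [ ! -f $OURDIR/vpn-server-done ] block …
```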
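Review bot: With the new default, the server config written in the second hunk (`@@ -119,7 +135,8 @@`) contains `cipher none`, so the VPN data channel carries plaintext unless `DO_ENCRYPTION` is set, and nothing in the generated file or the script output says so. I would add a comment line just above `$CONFIG_CRYPT` in what appears to be a here-document, for example `# cipher set by setup-vpn.sh from DO_ENCRYPTION; "cipher none" = plaintext data channel`, and print a warning such as `echo "WARNING: VPN data channel is unencrypted (DO_ENCRYPTION unset)" 1>&2` when the default is taken. The client block in the third hunk (`@@ -237,7 +254,8 @@`) needs the same comment, because both ends are generated from the same variables. If an operator turns on both `comp-lzo yes` and a real cipher, compressing before encrypting can leak information about the plaintext through packet lengths, which the parameter documentation should mention.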