Commit f8f016fd authored by David Johnson's avatar David Johnson

Disable compression and encryption by default.

parent 79a6fd21
......@@ -67,6 +67,22 @@ export KEY_ALTNAMES="DNS:$CONCENTRATOR"
mkdir -p $KEY_DIR
cd $EASY_RSA
#
# Setup some openvpn config file lines from our parameters.
#
CONFIG_COMPRESS="comp-lzo no"
if [ "$DO_COMPRESSION" = "1" ]; then
CONFIG_COMPRESS="comp-lzo yes"
elif [ -n "$DO_COMPRESSION" ]; then
CONFIG_COMPRESS="comp-lzo $DO_COMPRESSION"
fi
CONFIG_CRYPT="cipher none"
if [ "$DO_ENCRYPTION" = "1" ]; then
CONFIG_CRYPT="cipher AES-128-CBC"
elif [ -n "$DO_ENCRYPTION" ]; then
CONFIG_CRYPT="cipher $DO_ENCRYPTION"
fi
if [ ! -f $OURDIR/vpn-server-done ]; then
# Handle the case on Ubuntu18 where easy-rsa is broken for openssl 1.1.0
# (https://github.com/OpenVPN/easy-rsa/issues/159)
......@@ -119,7 +135,8 @@ client-config-dir /etc/openvpn/ccd
;client-to-client
;duplicate-cn
keepalive 10 120
comp-lzo
$CONFIG_COMPRESS
$CONFIG_CRYPT
persist-key
persist-tun
status openvpn-status.log
......@@ -237,7 +254,8 @@ ca ca.crt
cert $node.crt
key $node.key
ns-cert-type server
comp-lzo
$CONFIG_COMPRESS
$CONFIG_CRYPT
verb 3
route-up "/etc/openvpn/$node-route-up.sh"
route-pre-down "/etc/openvpn/$node-route-pre-down.sh"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment