Re: [Openvpn-users] Are my configurations secure enough?

David Sommerseth via Openvpn-users Tue, 09 Jan 2024 11:41:16 -0800

On 27/12/2023 12:43, Jason Long via Openvpn-users wrote:
[...snipp...]

Server config is:


port 2023
proto udp
dev tun1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/H_Server.crt
key /etc/openvpn/server/H_Server.key
dh /etc/openvpn/server/dh.pem
server 20.20.0.0 255.255.255.0

20.20.0.0/24 is not a private RFC1918 IP address range. This may hityou by surprise. The VPN IP address range should be a private IPaddress range only.

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 172.20.1.2"
push "dhcp-option DNS 172.20.1.7"

push "route 172.20.0.0 255.255.255.0"
topology subnet

keepalive 10 120
tls-crypt /etc/openvpn/server/ta.key 0


Wrong usage of tls-crypt.  Read the man page, please.


cipher AES-256-GCM
data-ciphers AES-256-GCM


These two lines are not needed with OpenVPN 2.6.


--
kind regards,

David Sommerseth
OpenVPN Inc




_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] Are my configurations secure enough?

Reply via email to