From 2105dcfc28b6c6ecc202f2cc7e28e53781986ee7 Mon Sep 17 00:00:00 2001
From: 255h <255h@bk.ru>
Date: Fri, 1 Dec 2023 14:18:21 +0300
Subject: [PATCH] Fix: Generate DH pem instead of using hardcoded one
---
 openvpn-install.sh | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index ff1d0db..e96a917 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -262,14 +262,16 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
 # Generate key for tls-crypt
 openvpn --genkey --secret /etc/openvpn/server/tc.key
 # Create the DH parameters file using the predefined ffdhe2048 group
- echo '-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
------END DH PARAMETERS-----' > /etc/openvpn/server/dh.pem
+# echo '-----BEGIN DH PARAMETERS-----
+#MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+#+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+#87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+#YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+#7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+#ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+#-----END DH PARAMETERS-----' > /etc/openvpn/server/dh.pem
+# Generate key instead of using hardcoded one
+ openssl dhparam -out /etc/openvpn/server/dh.pem 2048
 # Generate server.conf
 echo "local $ip
 port $port
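Review bot: The added `openssl dhparam -out /etc/openvpn/server/dh.pem 2048` line has no failure check, so unless the script sets `set -e` elsewhere, a failed or interrupted generation lets it carry on to writing server.conf without a usable dh.pem. Something like `openssl dhparam -out /etc/openvpn/server/dh.pem 2048 || { echo "DH parameter generation failed" >&2; exit 1; }` would stop it at that point; the enclosing block starts and ends outside the hunk, so confirm that `exit` suits that context. The comments also no longer match the code: the context line above still says the file comes from the predefined ffdhe2048 group, and the new comment calls the output a key, whereas DH parameters are public values and the old PEM was, per its own comment, a standard predefined group rather than a secret. I would replace both comments with `# Generate 2048-bit DH parameters locally (public parameters, not a key; this can take a while)`, indented like its neighbours, and delete the eight commented-out PEM lines instead of keeping them as dead code.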