From 9ad5460e1455789ffd84996d92f59ede891ca65c Mon Sep 17 00:00:00 2001
From: mindgam3s <34487011+mindgam3s@users.noreply.github.com>
Date: Tue, 4 Jan 2022 09:33:10 +0100
Subject: [PATCH] added comments to the 'predefined DH' section

added comments to the 'predefined DH' section
---
 openvpn-install.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index f3c541c..11238f1 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -256,6 +256,8 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
 # Generate key for tls-crypt
 openvpn --genkey --secret /etc/openvpn/server/tc.key
 # Create the DH parameters file using the predefined ffdhe2048 group
+ # see https://security.stackexchange.com/a/149818
+ # and https://www.rfc-editor.org/rfc/rfc7919
 echo '-----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
 +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
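Review bot: The two added comment lines are bare links, so the reason for shipping a fixed group instead of generating parameters is lost if either URL moves; the Stack Exchange short link is the less durable of the two. I would state the rationale beside the links, for example `# ffdhe2048 is the standardized 2048-bit safe-prime group from RFC 7919, embedded here so no local DH parameter generation is needed`. RFC 7919 estimates this group at about 103 bits of symmetric-equivalent strength, so a short remark on when to prefer ffdhe3072 would help anyone with a higher security target. The `echo '...'` statement that writes the PEM block continues past the end of this hunk.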