diff --git a/openvpn-install.sh b/openvpn-install.sh
index f3c541c..11238f1 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -256,6 +256,8 @@ LimitNPROC=infinity" > /etc/systemd/system/openvpn-server@server.service.d/disab
 # Generate key for tls-crypt
 openvpn --genkey --secret /etc/openvpn/server/tc.key
 # Create the DH parameters file using the predefined ffdhe2048 group
+ # see https://security.stackexchange.com/a/149818
+ # and https://www.rfc-editor.org/rfc/rfc7919
 echo '-----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
 +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
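Review bot: The two added comment lines above the `echo '-----BEGIN DH PARAMETERS-----` statement give only bare URLs, so a reader auditing the script offline still cannot tell why a fixed, embedded DH group is acceptable here. I would state the rationale in the comment itself and keep the links as references, for example `# ffdhe2048 is a standardized group from RFC 7919; the parameters are public, so embedding them is deliberate`. It would also help to say that the PEM block is expected to match the RFC's ffdhe2048 value exactly, so that a later edit to those lines stands out in review. The echo statement continues past the end of this hunk, so the rest of the PEM block is not visible here.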