I had installed the server on a Raspberry Pi with the following configuration:
script-security 2
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh3072.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
user nobody
group nogroup
daemon
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
tls-cipher AES256-SHA
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
And this is the client configuration:
dev tun
client
proto udp
remote xxx.xxx.xxx.xxx 1194
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
comp-lzo
verb 4
I can connnect to the vpn and works fine, but, when i see the logs in the server, found some things that i would like change in order to improve the security:
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
[...]
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sorry if the configuration is too wrong, but this is my first time with the software and i learned all that i know by myself.
Thanks in advance.
