easy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs
[ach-master.git] / src / practical_settings / vpn.tex
index e2bd671..2910b57 100644 (file)
@@ -296,7 +296,7 @@ The file \verb|vars| in the easyrsa installation directory has a
 number of settings that should be changed to secure values:
 
 \begin{lstlisting}[breaklines]
-export KEY_SIZE=2048 
+export KEY_SIZE=4096
 export KEY_EXPIRE=365
 export CA_EXPIRE=1826
 \end{lstlisting}