easy-rsa can do 4096bit keys, been there done that, we should recommend it for VPNs

diff --git a/src/practical_settings/vpn.tex b/src/practical_settings/vpn.tex
index e2bd671..2910b57 100644 (file)
--- a/src/practical_settings/vpn.tex
+++ b/src/practical_settings/vpn.tex
@@ -296,7 +296,7 @@ The file \verb|vars| in the easyrsa installation directory has a
 number of settings that should be changed to secure values:
 
 \begin{lstlisting}[breaklines]
-export KEY_SIZE=2048 
+export KEY_SIZE=4096
 export KEY_EXPIRE=365
 export CA_EXPIRE=1826
 \end{lstlisting}