Drafting OpenVPN (only DRAFT)
authorDavid Durvaux <info@autopsit.org>
Tue, 19 Nov 2013 16:54:45 +0000 (17:54 +0100)
committerDavid Durvaux <info@autopsit.org>
Tue, 19 Nov 2013 16:54:45 +0000 (17:54 +0100)
src/practical_settings.tex

index 483c2a8..dc1482e 100644 (file)
@@ -559,11 +559,42 @@ Hash Algorithm: none (if using AES-GCM), HMAC-SHA-SHA256 or longer
 Lifetime: \todo{need recommendations; 1--8 hours seems to be common practice}
 
 
-
-
 \subsubsection{OpenVPN}
 \todo{cm: please write this subsubsection}
 \todo{WARNING - Section Writing in progress...}
+\todo{We suppose user uses easy-rsa which is roughly used in all HOWTO}
+
+\paragraph{Fine tuning at installation level}
+
+When installing an OpenVPN server instance, you are probably using \it{easy-rsa} tools to generate the crypto stuff needed.
+From the directory where you will run them, you can enhanced you configuration by changing the following variables in \it{Vars}
+
+\begin{lstlisting}[breaklines]
+export KEY_SIZE=2048 
+\end{lstlisting}
+
+This will enhanced the security of the key exchange steps by using RSA keys with a length of 2048 bits.
+
+\todo{Shouldn't we need to reduce CA and certificate lifetime?  Per default 10y!!}
+
+
+\paragraph{Server Configuration}
+
+\todo{To wrote - locked by David}
+
+\begin{lstlisting}[breaklines]
+Hello World!
+\end{lstlisting}
+
+
+\paragraph{Client Configuration}
+
+\todo{To wrote - locked by David}
+
+\begin{lstlisting}[breaklines]
+Hello World!
+\end{lstlisting}
+
 
 
 \subsubsection{PPTP}