Lifetime: \todo{need recommendations; 1--8 hours seems to be common practice}
-
-
\subsubsection{OpenVPN}
\todo{cm: please write this subsubsection}
\todo{WARNING - Section Writing in progress...}
+\todo{We suppose user uses easy-rsa which is roughly used in all HOWTO}
+
+\paragraph{Fine tuning at installation level}
+
+When installing an OpenVPN server instance, you are probably using \it{easy-rsa} tools to generate the crypto stuff needed.
+From the directory where you will run them, you can enhanced you configuration by changing the following variables in \it{Vars}
+
+\begin{lstlisting}[breaklines]
+export KEY_SIZE=2048
+\end{lstlisting}
+
+This will enhanced the security of the key exchange steps by using RSA keys with a length of 2048 bits.
+
+\todo{Shouldn't we need to reduce CA and certificate lifetime? Per default 10y!!}
+
+
+\paragraph{Server Configuration}
+
+\todo{To wrote - locked by David}
+
+\begin{lstlisting}[breaklines]
+Hello World!
+\end{lstlisting}
+
+
+\paragraph{Client Configuration}
+
+\todo{To wrote - locked by David}
+
+\begin{lstlisting}[breaklines]
+Hello World!
+\end{lstlisting}
+
\subsubsection{PPTP}
git.bettercrypto.org / ach-master.git / commitdiff