Openvpn Crypthography

(klaus) #1

i’m playing arround with openvpn and wondering about the default settings in easy-rsa

Are the default setitngs sufficient?

#set_var EASYRSA_KEY_SIZE        2048
#set_var EASYRSA_ALGO            rsa
#set_var EASYRSA_CURVE           secp384r1

or change it to

set_var EASYRSA_KEY_SIZE        2048
set_var EASYRSA_ALGO            ec
set_var EASYRSA_CURVE           secp384r1

any recommendations?

(Hardeep Singh) #2

Not much familiar with configuring openVPN but this seems promising:

It says default settings aren’t sufficient and you should be looking for elliptic curve cryptography support.

Have a list of supported curves: openvpn --show-curves