Openvpn Crypthography


(klaus) #1

i’m playing arround with openvpn and wondering about the default settings in easy-rsa

Are the default setitngs sufficient?

#set_var EASYRSA_KEY_SIZE        2048
#set_var EASYRSA_ALGO            rsa
#set_var EASYRSA_CURVE           secp384r1

or change it to

set_var EASYRSA_KEY_SIZE        2048
set_var EASYRSA_ALGO            ec
set_var EASYRSA_CURVE           secp384r1

any recommendations?


(Hardeep Singh) #2

Not much familiar with configuring openVPN but this seems promising: https://www.maths.tcd.ie/~fionn/misc/ec_vpn.php

It says default settings aren’t sufficient and you should be looking for elliptic curve cryptography support.

Have a list of supported curves: openvpn --show-curves