OpenVPN ConfigQuery
Just a quick note on setting the security for OpenVPN. To disable the older cyphers you can use QueryConfig in the command line. For our AWS Ec2 instance I simply used this line:
/usr/local/openvpn_as/scripts/sacli --key "cs.openssl_ciphersuites" --value 'EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4' ConfigPutThen confirm with:
/usr/local/openvpn_as/scripts/sacli ConfigQuery | grep "cipher"Finally restart the service:
service openvpnas restartYou may also like
Archives
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
Leave a Reply