Security & Encryption¶
Overview¶
The script provides secure defaults while allowing full customization of the encryption stack.
Default Security Settings¶
| Setting | Default Value |
|---|---|
| Data cipher | AES-128-GCM |
| Certificate type | ECDSA |
| ECDSA curve | prime256v1 |
| HMAC digest | SHA256 |
| TLS minimum | 1.2 |
| Control channel | tls-crypt-v2 |
| Auth mode | PKI |
Data Channel Ciphers¶
The data channel cipher encrypts the actual VPN traffic:
| Cipher | Type | Notes |
|---|---|---|
AES-128-GCM | AEAD | Default — fast and secure |
AES-192-GCM | AEAD | — |
AES-256-GCM | AEAD | Maximum AES security |
AES-128-CBC | Block | Legacy compatibility |
AES-192-CBC | Block | Legacy compatibility |
AES-256-CBC | Block | Legacy compatibility |
CHACHA20-POLY1305 | AEAD | Better on devices without AES-NI (OpenVPN 2.5+) |
Tip
AEAD ciphers (GCM, CHACHA20-POLY1305) are recommended. They provide both encryption and authentication in a single operation.
Certificate Configuration¶
Certificate Types¶
Elliptic Curve Digital Signature Algorithm. Faster, lighter, and more secure than RSA for equivalent security levels.
Available curves:
| Curve | Security Level |
|---|---|
prime256v1 | 128-bit (default) |
secp384r1 | 192-bit |
secp521r1 | 256-bit |
Certificate Validity¶
| Certificate | Default | Option |
|---|---|---|
| Server | 3650 days (10 years) | --server-cert-days |
| Client | 3650 days (10 years) | --client-cert-days |
| CRL | 5475 days (15 years) | — |
Server Certificate Name¶
The server certificate name is randomized for privacy. This prevents revealing server identity in the TLS handshake.
TLS Configuration¶
Minimum TLS Version¶
# TLS 1.2 (default — broad compatibility)
sudo ./openvpn-install.sh install --tls-version-min 1.2
# TLS 1.3 (maximum security)
sudo ./openvpn-install.sh install --tls-version-min 1.3
TLS 1.3 Cipher Suites¶
When using TLS 1.3, you can configure the cipher suites:
TLS_AES_256_GCM_SHA384TLS_AES_128_GCM_SHA256TLS_CHACHA20_POLY1305_SHA256
sudo ./openvpn-install.sh install \
--tls-version-min 1.3 \
--tls-ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
Key Exchange Groups¶
Default: X25519:prime256v1:secp384r1:secp521r1
Control Channel Security¶
The control channel handles key exchange and authentication. Three modes are available:
| Mode | Option | Description | Requires |
|---|---|---|---|
| tls-crypt-v2 | --tls-sig crypt-v2 | Per-client encryption keys (default) | OpenVPN 2.5+ |
| tls-crypt | --tls-sig crypt | Shared encryption key | OpenVPN 2.4+ |
| tls-auth | --tls-sig auth | HMAC authentication only | Any version |
tls-crypt-v2 advantages
- Each client gets a unique key derived from the server key
- Prevents unauthorized clients from initiating TLS handshakes
- Provides DDoS protection for the server
Authentication Modes¶
PKI (default)¶
Traditional CA-based authentication with Certificate Revocation Lists (CRL):
- Full PKI infrastructure with CA
- CRL-based revocation
- Suitable for any deployment size
Fingerprint (OpenVPN 2.6+)¶
WireGuard-like peer fingerprint authentication:
- Self-signed certificates without CA
- Simpler setup for small deployments
- Fingerprint-based peer verification
- No CRL needed — fingerprints stored in config
Compression¶
Compression is disabled
The script does not enable compression to prevent the VORACLE vulnerability. OpenVPN 2.6+ blocks compression by default.
HMAC Digest¶
The HMAC algorithm used for packet authentication:
| Algorithm | Option |
|---|---|
| SHA256 | --hmac SHA256 (default) |
| SHA384 | --hmac SHA384 |
| SHA512 | --hmac SHA512 |
Unprivileged Mode¶
The script can configure OpenVPN to run as nobody:nogroup, reducing the attack surface:
- Drops root privileges after initialization
- Cannot modify system files at runtime