openvpn-install-advanced icon indicating copy to clipboard operation
openvpn-install-advanced copied to clipboard

Published 20 hours ago verified publisher icon pl48415

Change CA Name

Open SquirrelCoder opened this issue 9 years ago • 8 comments

Hello,

Thanks Sir for this outstanding script. Is it possible to change certificates name? like Organization name, CA name?

Best Regards,

SquirrelCoder avatar Mar 17 '16 13:03 SquirrelCoder

I'm looking into it, best regards

pl48415 avatar Mar 19 '16 03:03 pl48415

I added the feature, please try it: https://github.com/pl48415/openvpn-install-advanced/tree/testing

pl48415 avatar Mar 19 '16 04:03 pl48415

WOW, Sir, thank you very much, I will test it on a newly installed Debian 8 serve, and report back. Thanks a lot Sir, I greatly appreciate it.

SquirrelCoder avatar Mar 19 '16 18:03 SquirrelCoder

Okay, So I test it, the question is there "Do you to change CA NAME, STATE, etc" after I entered "y" , the script doesn't let me enter any value (like the ca name/state/etc...), it goes automatically to the next step, until "Okay, that was all I needed. We are ready to setup your OpenVPN server now Press any key to continue..." and I ctrl+C here , so I think there is some problem, because after this step the server.conf and client.conf will be generated.

SquirrelCoder avatar Mar 19 '16 19:03 SquirrelCoder

This behavior is normal, it will ask you during installation because it is part of certificate creation, maybe I should remove "Okay, that was all I needed....". Please try it.

pl48415 avatar Mar 19 '16 20:03 pl48415

Yes Sir, you are right, sorry, the script now accepts values for CAs, outstanding work, just there is this:

Sun Mar 20 01:16:55 2016 VERIFY OK: depth=1, C=RU, ST=testCountry, L=testCity, O=testing, OU=testingNewName, CN=TEST, [email protected]
**Certificate Co, OU=My Organizational Unit, CN=server, [email protected]**

so the first one is the one that I entered the values, but the second one is still unchanged, don't what the difference is. is it possible to change the second one too?

and I have another question: nyr script uses Blowfish authentication by default, is that correct? because for me AES is pretty slow when using this script but nyr scripts is pretty fast, so I was thinking, that this issue should be related to the cipher you have used in this script?

Thanks Sir

SquirrelCoder avatar Mar 19 '16 21:03 SquirrelCoder

I will look into certificate problem further. You can change cipher during setup, try others. Also try without additional TLS layer and choose 2048bit RSA. If you are using TCP it will be slower than UDP. Just to clarify by "pretty slow" are you talking about connection speed?

pl48415 avatar Mar 19 '16 23:03 pl48415

Thanks Sir for the reply, Yes, I mean connection speed, when e.g. downloading some file or opening a web page, take e.g. with my Internet Connection w/ AES-256 googles takes "~3" seconds, AES-128 "~1.5" Seconds, and BF-CBC almost instantly ("~1"), to open. but with nyr script it takes almost no time, like even faster than BF-CBC in your script, so I was wondering, if nyr's script even uses any encryption at all? or the block sizes, that nyr's script uses are much smaller?

SquirrelCoder avatar Mar 20 '16 07:03 SquirrelCoder