Feb 11

OpenVPN ConfigQuery

Just a quick note on setting the security for OpenVPN. To disable the older ciphers you can use sacli ConfigPut on the command line. For our AWS EC2 instance I simply used this line:

/usr/local/openvpn_as/scripts/sacli --key "cs.openssl_ciphersuites" --value 'EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4' ConfigPut

Then confirm with:

/usr/local/openvpn_as/scripts/sacli ConfigQuery | grep "cipher"

Finally restart the service:

service openvpnas restart
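
The grep above only confirms the stored string; to see which suites that string actually selects, expand it with openssl ciphers -v and audit the result. This is an added example, not part of the original post: the audit_ciphers helper and the sample lines are constructed for illustration, and it assumes the host's openssl CLI expands the string the same way as the OpenSSL build the Access Server uses.

```shell
#!/bin/sh
# Added example (not from the original post): audit what a cipher string expands to.
CIPHER_STRING='EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4'  # from the post

# Constructed sample lines in "openssl ciphers -v" output format.
SAMPLE_GOOD='ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD'
SAMPLE_BAD='DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5'

# Hypothetical helper: reads "openssl ciphers -v" lines on stdin, prints
# "WEAK <name> <reasons>" for each suite that is not ECDHE-only or that uses
# 3DES, RC4, DES, no encryption or MD5. Exit status is 1 if any were found.
audit_ciphers() {
    awk '
        NF < 6 { next }                       # skip blank or malformed lines
        {
            name = $1; proto = $2; reason = ""
            split("", f)                      # reset per-line field map
            for (i = 3; i <= NF; i++) {       # Kx=, Au=, Enc=, Mac= pairs
                split($i, kv, "=")
                f[kv[1]] = kv[2]
            }
            # TLS 1.3 suites are listed with Kx=any; the cipher string does
            # not control them, so they are accepted here.
            if (f["Kx"] != "ECDH" && !(proto == "TLSv1.3" && f["Kx"] == "any"))
                reason = reason " kx=" f["Kx"]
            if (f["Enc"] ~ /^(3DES|RC4|DES|None)/)
                reason = reason " enc=" f["Enc"]
            if (f["Mac"] == "MD5")
                reason = reason " mac=MD5"
            if (reason != "") { print "WEAK " name reason; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Demonstration on the constructed weak sample.
printf '%s\n' "$SAMPLE_BAD" | audit_ciphers || echo "sample: weak suites found"

# Real check, only if the openssl CLI is present and accepts the string.
if expanded=$(openssl ciphers -v "$CIPHER_STRING" 2>/dev/null); then
    printf '%s\n' "$expanded" | audit_ciphers \
        && echo "OK: only ECDHE (and TLS 1.3) suites selected" \
        || echo "review the suites listed above"
fi
```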
