Just a quick note on setting the security for OpenVPN. To disable the older ciphers you can use sacli's ConfigPut on the command line. For our AWS EC2 instance I simply used this line:
/usr/local/openvpn_as/scripts/sacli --key "cs.openssl_ciphersuites" --value 'EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4' ConfigPut
Then confirm with:
/usr/local/openvpn_as/scripts/sacli ConfigQuery | grep "cipher"
Finally restart the service:
service openvpnas restart
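Before applying a cipher string it helps to see what it actually expands to. The following is an added example, not part of the original note or of OpenVPN Access Server: it expands the string above with Python's ssl module and flags anything using RSA key exchange, 3DES, RC4 or MD5. It assumes the local OpenSSL build resolves the string the same way the server's does; the function names are made up for this example.

```python
import re
import ssl

# Cipher string taken from the sacli ConfigPut command above.
PAGE_CIPHERS = "EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!RSA:!3DES:!MD5:!RC4"


def expand(cipher_string):
    """Return [(suite_name, fields)] for every suite the local OpenSSL selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError as exc:
        # OpenSSL rejects a string that selects no cipher suites (e.g. a typo).
        raise ValueError(f"no cipher matched: {cipher_string!r}") from exc
    suites = []
    for cipher in ctx.get_ciphers():
        # description has the same layout as `openssl ciphers -v`, e.g.
        # "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"
        fields = dict(re.findall(r"(Kx|Au|Enc|Mac)=(\S+)", cipher["description"]))
        suites.append((cipher["name"], fields))
    return suites


def audit(cipher_string):
    """Return [(suite_name, reason)] for suites the note intends to exclude."""
    findings = []
    for name, fields in expand(cipher_string):
        if fields.get("Kx") == "RSA":
            findings.append((name, "RSA key exchange, no forward secrecy"))
        if re.match(r"(3DES|RC4)", fields.get("Enc", "")):
            findings.append((name, "legacy cipher " + fields["Enc"]))
        if fields.get("Mac") == "MD5":
            findings.append((name, "MD5 MAC"))
    return findings


if __name__ == "__main__":
    for name, fields in expand(PAGE_CIPHERS):
        print(f"{name:34} Kx={fields.get('Kx')} Enc={fields.get('Enc')}")
    problems = audit(PAGE_CIPHERS)
    print(problems if problems else "no RSA key exchange, 3DES, RC4 or MD5 suites")
```

TLS 1.3 suites appear in the output regardless of the string, because OpenSSL configures them separately from this list.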