diff --git a/setup_openvpn.sh b/setup_openvpn.sh
index 373e01a..8baa3dc 100755
--- a/setup_openvpn.sh
+++ b/setup_openvpn.sh
@@ -83,10 +83,11 @@ key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
-push "dhcp-option DNS 8.8.8.8"
-push "dhcp-option DNS 8.8.4.4"
+push "dhcp-option DNS 1.1.1.1"
+push "dhcp-option DNS 1.0.0.1"
+push "block-outside-dns"
keepalive 10 120
-cipher AES-256-CBC
+cipher AES-256-GCM
user nobody
group nogroup
persist-key
@@ -137,9 +138,13 @@ echo "Starting OpenVPN service..."
systemctl start openvpn@server
systemctl enable openvpn@server
+# Verify the service is running
+echo "Verifying OpenVPN service status..."
+systemctl status openvpn@server || true
+
# Create client certificate generation script
echo "Creating client certificate generation script..."
-cat > /etc/openvpn/server/generate-client.sh << 'EOF'
+cat > /etc/openvpn/server/generate-client.sh << 'ENDOFFILE'
#!/bin/bash
if [ -z "$1" ]; then
@@ -160,39 +165,33 @@ mkdir -p /etc/openvpn/client
# Create client configuration
cat > /etc/openvpn/client/$CLIENT_NAME.ovpn << EOL
client
-proto udp
dev tun
-explicit-exit-notify
-remote $(curl -s ifconfig.me) 1194
+proto udp
+remote \$(curl -s ifconfig.me) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
-auth-user-pass auth.txt
-cipher AES-256-CBC
+cipher AES-256-GCM
+data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:CHACHA20-POLY1305
+block-outside-dns
verb 3
+dhcp-option DNS 1.1.1.1
+dhcp-option DNS 1.0.0.1
-$(cat /etc/openvpn/server/ca.crt)
+\$(cat /etc/openvpn/server/ca.crt)
-$(cat /etc/openvpn/server/easy-rsa/pki/issued/$CLIENT_NAME.crt)
+\$(cat /etc/openvpn/server/easy-rsa/pki/issued/\$CLIENT_NAME.crt)
-$(cat /etc/openvpn/server/easy-rsa/pki/private/$CLIENT_NAME.key)
+\$(cat /etc/openvpn/server/easy-rsa/pki/private/\$CLIENT_NAME.key)
EOL
-# Create auth.txt file
-cat > /etc/openvpn/client/auth.txt << EOL
-# Add your username and password here if needed
-# username
-# password
-EOL
-
-echo "Client configuration created: /etc/openvpn/client/$CLIENT_NAME.ovpn"
-echo "Don't forget to configure auth.txt with your credentials if needed"
-EOF
+echo "Client configuration created: /etc/openvpn/client/\$CLIENT_NAME.ovpn"
+ENDOFFILE
chmod +x /etc/openvpn/server/generate-client.sh