Up the default DH param size to 2048 bits

[Tenzer]

This is what the documentation states is needed in order to set up a secure VPN
server, so let's make it the default:
https://docs.pritunl.com/docs/securing-pritunl

[zachhuff386]

This is set to 1536 because some servers can take 10-15 minutes to generate larger parameters. This may have improved with recent performance improvements on cloud servers, I will need to do testing on different servers before increasing it.

[zachhuff386]

This pull request has a force push in it so I'm not going to merge it but the default param size has been increased to 2048.

[Tenzer]

Thanks! The force push was in order to fix a typo in the commit message, from "bites" to "bits".

[Tenzer]

@zachhuff386 https://security.stackexchange.com/a/95184 mentions adding the -dsaparam flag to the openssl dhparam operation as a way to speed it up massively while maintaining the same level of security.

It takes the average time (across 5 runs) for generating a 2048 bit DH parameter from an average of 42 seconds down to 0.6 seconds on my laptop.

Might be worth considering?

[jeremygaither]

Haveged may also help, especially on virtual machines: http://www.issihosts.com/haveged/

[Tenzer]

Haveged only helps generate random bits, but that's not what takes the time here. It's instead calculating prime numbers, so it's all CPU bound.