--- # Add as many users as you want for your VPN server here users: - dan - jack # Add an email address to send logs if you're using auditd for monitoring. # Avoid using '+' in your email address otherwise auditd will fail to start. auditd_action_mail_acct: email@example.com # Exported certificates will be protected by the password below: easyrsa_p12_export_password: vpnpws ### Advanced users only below this line ### easyrsa_dir: /opt/easy-rsa-ipsec easyrsa_ca_expire: 3650 easyrsa_cert_expire: 3650 # If True re-init all existing certificates. (True or False) easyrsa_reinit_existent: False vpn_network: 10.19.48.0/24 vpn_network_ipv6: 'fd9d:bc11:4020::/48' # https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48 server_name: "{{ ansible_ssh_host }}" IP_subject_alt_name: "{{ ansible_ssh_host }}" dns_servers: - 8.8.8.8 - 8.8.4.4 - 2001:4860:4860::8888 - 2001:4860:4860::8844 strongswan_enabled_plugins: - aes - gcm - hmac - kernel-netlink - nonce - openssl - pem - pgp - pkcs12 - pkcs7 - pkcs8 - pubkey - random - revocation - sha2 - socket-default - stroke - x509 ipsec_config: dpdaction: 'clear' dpddelay: '35s' rekey: 'no' keyexchange: 'ikev2' compress: 'yes' fragmentation: 'yes' # IP address for the proxy and the local dns resolver local_service_ip: 172.16.0.1 pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}" VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}" CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"