---

# Add as many users as you want for your VPN server here
users:
  - dan
  - jack

# Add an email address to send logs if you're using auditd for monitoring, 
auditd_action_mail_acct: email@example.com

# Exported certificates will be protected by the password below:
easyrsa_p12_export_password: vpnpws


### Advanced users only below this line ###

easyrsa_dir: /opt/easy-rsa-ipsec
easyrsa_ca_expire: 3650
easyrsa_cert_expire: 3650

# If True re-init all existing certificates. (True or False)
easyrsa_reinit_existent: False

vpn_network: 10.19.48.0/24
vpn_network_ipv6: 'fd9d:bc11:4020::/48'
# https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
server_name: "{{ ansible_ssh_host }}"
IP_subject_alt_name: "{{ ansible_ssh_host }}"

# Enable this variable if you want to use a local DNS resolver to block ads while surfing. (True or False)
service_dns: True

# If you don't want to use a local DNS resolver (option `service_dns`) you need to define DNS servers in this list.
dns_servers:
  - 8.8.8.8
  - 8.8.4.4
  - 2001:4860:4860::8888
  - 2001:4860:4860::8844

strongswan_enabled_plugins:
  - aes
  - gcm
  - hmac
  - kernel-netlink
  - nonce
  - openssl
  - pem
  - pgp
  - pkcs12
  - pkcs7
  - pkcs8
  - pubkey
  - random
  - revocation
  - sha2
  - socket-default
  - stroke
  - x509

ipsec_config:
  dpdaction: 'clear'
  dpddelay: '35s'
  rekey: 'no'
  keyexchange: 'ikev2'
  ike: 'aes128gcm16-sha2_256-prfsha256-ecp256!'
  esp: 'aes128gcm16-sha2_256-ecp256!'
  compress: 'yes'
  fragmentation: 'yes'

# IP address for the proxy and the local dns resolver
local_service_ip: 172.16.0.1