algo/config.cfg
2016-12-06 20:14:08 +03:00

71 lines
1.5 KiB
INI

---
# Add as many users as you want for your VPN server here
users:
- dan
- jack
# Add an email address to send logs if you're using auditd for monitoring.
# Avoid using '+' in your email address otherwise auditd will fail to start.
auditd_action_mail_acct: email@example.com
# Exported certificates will be protected by the password below:
easyrsa_p12_export_password: vpnpws
### Advanced users only below this line ###
easyrsa_dir: /opt/easy-rsa-ipsec
easyrsa_ca_expire: 3650
easyrsa_cert_expire: 3650
# If True re-init all existing certificates. (True or False)
easyrsa_reinit_existent: False
vpn_network: 10.19.48.0/24
vpn_network_ipv6: 'fd9d:bc11:4020::/48'
# https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
server_name: "{{ ansible_ssh_host }}"
IP_subject_alt_name: "{{ ansible_ssh_host }}"
dns_servers:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
strongswan_enabled_plugins:
- aes
- gcm
- hmac
- kernel-netlink
- nonce
- openssl
- pem
- pgp
- pkcs12
- pkcs7
- pkcs8
- pubkey
- random
- revocation
- sha2
- socket-default
- stroke
- x509
ipsec_config:
dpdaction: 'clear'
dpddelay: '35s'
rekey: 'no'
keyexchange: 'ikev2'
compress: 'yes'
fragmentation: 'yes'
# IP address for the proxy and the local dns resolver
local_service_ip: 172.16.0.1
pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"