algo/config.cfg
Nima Fatemi 7cb2197d16 Avoid using + for email address
using + in email add (eg email+auditd@domain.tld) would cause auditd fail to start
see #117
2016-10-28 19:48:28 +00:00

69 lines
1.4 KiB
INI

---
# Add as many users as you want for your VPN server here
users:
- dan
- jack
# Add an email address to send logs if you're using auditd for monitoring.
# Avoid using '+' in your email address otherwise auditd will fail to start.
auditd_action_mail_acct: email@example.com
# Exported certificates will be protected by the password below:
easyrsa_p12_export_password: vpnpws
### Advanced users only below this line ###
easyrsa_dir: /opt/easy-rsa-ipsec
easyrsa_ca_expire: 3650
easyrsa_cert_expire: 3650
# If True re-init all existing certificates. (True or False)
easyrsa_reinit_existent: False
vpn_network: 10.19.48.0/24
vpn_network_ipv6: 'fd9d:bc11:4020::/48'
# https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
server_name: "{{ ansible_ssh_host }}"
IP_subject_alt_name: "{{ ansible_ssh_host }}"
dns_servers:
- 8.8.8.8
- 8.8.4.4
- 2001:4860:4860::8888
- 2001:4860:4860::8844
strongswan_enabled_plugins:
- aes
- gcm
- hmac
- kernel-netlink
- nonce
- openssl
- pem
- pgp
- pkcs12
- pkcs7
- pkcs8
- pubkey
- random
- revocation
- sha2
- socket-default
- stroke
- x509
ipsec_config:
dpdaction: 'clear'
dpddelay: '35s'
rekey: 'no'
keyexchange: 'ikev2'
ike: 'aes128gcm16-sha2_256-prfsha256-ecp256!'
esp: 'aes128gcm16-sha2_256-ecp256!'
compress: 'yes'
fragmentation: 'yes'
# IP address for the proxy and the local dns resolver
local_service_ip: 172.16.0.1