mirror of https://github.com/trailofbits/algo
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
1.8 KiB
YAML
65 lines
1.8 KiB
YAML
---
|
|
BetweenClients_DROP: true
|
|
wireguard_config_path: "configs/{{ IP_subject_alt_name }}/wireguard/"
|
|
wireguard_interface: wg0
|
|
wireguard_network_ipv4:
|
|
subnet: 10.19.49.0
|
|
prefix: 24
|
|
gateway: 10.19.49.1
|
|
clients_range: 10.19.49
|
|
clients_start: 100
|
|
wireguard_network_ipv6:
|
|
subnet: 'fd9d:bc11:4021::'
|
|
prefix: 48
|
|
gateway: 'fd9d:bc11:4021::1'
|
|
clients_range: 'fd9d:bc11:4021::'
|
|
clients_start: 100
|
|
wireguard_vpn_network: "{{ wireguard_network_ipv4['subnet'] }}/{{ wireguard_network_ipv4['prefix'] }}"
|
|
wireguard_vpn_network_ipv6: "{{ wireguard_network_ipv6['subnet'] }}/{{ wireguard_network_ipv6['prefix'] }}"
|
|
keys_clean_all: false
|
|
wireguard_dns_servers: >-
|
|
{% if local_dns|default(false)|bool or dns_encryption|default(false)|bool == true %}
|
|
{{ local_service_ip }}
|
|
{% else %}
|
|
{% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
|
|
{% endif %}
|
|
|
|
algo_ondemand_cellular: false
|
|
algo_ondemand_wifi: false
|
|
algo_ondemand_wifi_exclude: '_null'
|
|
algo_windows: false
|
|
algo_store_cakey: false
|
|
algo_local_dns: false
|
|
ipv6_support: false
|
|
dns_encryption: true
|
|
domain: false
|
|
subjectAltName_IP: "IP:{{ IP_subject_alt_name }}"
|
|
openssl_bin: openssl
|
|
strongswan_enabled_plugins:
|
|
- aes
|
|
- gcm
|
|
- hmac
|
|
- kernel-netlink
|
|
- nonce
|
|
- openssl
|
|
- pem
|
|
- pgp
|
|
- pkcs12
|
|
- pkcs7
|
|
- pkcs8
|
|
- pubkey
|
|
- random
|
|
- revocation
|
|
- sha2
|
|
- socket-default
|
|
- stroke
|
|
- x509
|
|
|
|
ciphers:
|
|
defaults:
|
|
ike: aes256gcm16-prfsha512-ecp384!
|
|
esp: aes256gcm16-ecp384!
|
|
compat:
|
|
ike: aes256gcm16-prfsha512-ecp384,aes256-sha2_512-prfsha512-ecp384,aes256-sha2_384-prfsha384-ecp384!
|
|
esp: aes256gcm16-ecp384,aes256-sha2_512-prfsha512-ecp384!
|