Filipp Frizzy 9 lat temu
rodzic
commit
651b0fd655
1 zmienionych plików z 9 dodań i 2 usunięć
  1. 9
    2
      vars/defaults.yml

+ 9
- 2
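--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -81,6 +81,8 @@ owncloud_db_database: owncloud
 tarsnap_version: 1.0.36.1
 
 # vpn
+# Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
+# Check privacy: http://witch.valdikss.org.ru/
 # openvpn_key_country: (required)
 # openvpn_key_province: (required)
 # openvpn_key_city: (required)
@@ -89,8 +91,8 @@ tarsnap_version: 1.0.36.1
 openvpn_days_valid: "1825"
 openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
 openvpn_key_size: "2048"
-openvpn_cipher: "BF-CBC"
-openvpn_auth_digest: "SHA1"
+openvpn_cipher: "AES-256-CBC"
+openvpn_auth_digest: "SHA512"
 openvpn_path: "/etc/openvpn"
 openvpn_ca: "{{ openvpn_path }}/ca"
 openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
@@ -98,6 +100,11 @@ openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
 openvpn_server: "{{ domain }}"
 openvpn_port: "1194"
 openvpn_protocol: "udp"
+openvpn_mtu: "1300"
+openvpn_verb: "3" # "0" for anonymity
+# uncomment for openvpn 2.3.3 and >2.3.4
+openvpn_tls_version_min: "" # "tls-version-min 1.2"
+openvpn_tls_cipher: "" # "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
 # openvpn_clients: (required)
 
 # webmail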
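Review bot: In the last hunk (`@@ -98,6 +100,11 @@`) `openvpn_tls_version_min` and `openvpn_tls_cipher` default to empty strings, so the control-channel hardening is off unless an operator overrides both, while the AES-256-CBC/SHA512 change in the previous hunk applies by default. The comment `# uncomment for openvpn 2.3.3 and >2.3.4` is also misleading, because neither variable is commented out; the hardened value only sits in a trailing comment. I would reword it to `# empty = OpenVPN's default TLS settings; on openvpn 2.3.3 and >2.3.4 set each variable to the value in its trailing comment`. If the supported OpenVPN versions allow it, I would also make `openvpn_tls_version_min: "tls-version-min 1.2"` the default. How the template renders an empty value is not visible on this page, so confirm that it emits no stray directive.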
