
update openvpn variables

Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
Check privacy: http://witch.valdikss.org.ru/
Filipp Frizzy 9 years ago
parent
commit
651b0fd655
1 changed files with 9 additions and 2 deletions
  1. 9
    2
      vars/defaults.yml

+ 9
- 2
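--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -81,6 +81,8 @@
 tarsnap_version: 1.0.36.1
 
 # vpn
+# Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
+# Check privacy: http://witch.valdikss.org.ru/
 # openvpn_key_country: (required)
 # openvpn_key_province: (required)
 # openvpn_key_city: (required)
@@ -89,8 +91,8 @@
 openvpn_days_valid: "1825"
 openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
 openvpn_key_size: "2048"
-openvpn_cipher: "BF-CBC"
-openvpn_auth_digest: "SHA1"
+openvpn_cipher: "AES-256-CBC"
+openvpn_auth_digest: "SHA512"
 openvpn_path: "/etc/openvpn"
 openvpn_ca: "{{ openvpn_path }}/ca"
 openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
@@ -98,6 +100,11 @@
 openvpn_server: "{{ domain }}"
 openvpn_port: "1194"
 openvpn_protocol: "udp"
+openvpn_mtu: "1300"
+openvpn_verb: "3" # "0" for anonymity
+# uncomment for openvpn 2.3.3 and >2.3.4
+openvpn_tls_version_min: "" # "tls-version-min 1.2"
+openvpn_tls_cipher: "" # "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
 # openvpn_clients: (required)
 
 # webmail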
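Review bot: The two TLS control-channel settings added at the end of the vpn block default to empty strings (`openvpn_tls_version_min: ""`, `openvpn_tls_cipher: ""`), so the control-channel hardening is off unless an operator overrides them; only the data-channel cipher and digest are tightened by default. The comment `# uncomment for openvpn 2.3.3 and >2.3.4` is also misleading, since nothing is commented out and the intended values sit in trailing comments. I would reword it to something like `# empty = directive omitted; on openvpn 2.3.3 and >2.3.4 set to the value in the trailing comment`, and consider defaulting to `openvpn_tls_version_min: "tls-version-min 1.2"` if every supported server and client meets that version. How the templates consume these variables is not visible here, so confirm that an empty value renders no directive rather than a blank or malformed line, and that the new cipher and digest are rolled out to server and clients together.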
