# Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html # Check privacy: http://witch.valdikss.org.ru/ openvpn_key_country: "US" openvpn_key_province: "California" openvpn_key_city: "Beverly Hills" openvpn_key_org: "{{ domain }}" openvpn_key_ou: "{{ server_name }}" openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}" openvpn_days_valid: "1825" openvpn_key_size: "2048" openvpn_cipher: "AES-256-CBC" openvpn_auth_digest: "SHA512" openvpn_path: "/etc/openvpn" openvpn_ca: "{{ openvpn_path }}/ca" openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem" openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key" openvpn_server: "{{ domain }}" openvpn_port: "1194" openvpn_protocol: "udp" openvpn_mtu: "1300" openvpn_verb: "3" # "0" for anonymity openvpn_tls_version_min: "tls-version-min 1.2" openvpn_tls_cipher: "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" openvpn_clients: [] openvpn_ip_start: "10.8.0" # VPN Net XX.XX.XX.ZZ, server is always XX.XX.XX.1. Enter XX.XX.XX here. using /24 openvpn_enable_sub_routing: 0 openvpn_sub_routing_client: "nas" openvpn_sub_routing_network: "192.168.0.0" openvpn_enable_custom_dns: 0 openvpn_custom_dns: ""