
main.yml 1.4KB

  # Default variables for the OpenVPN role. Every value below is a default and
  # can be overridden by the inventory or playbook.
  #
  # Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
  # Check privacy: http://witch.valdikss.org.ru/

  # --- Certificate subject ---------------------------------------------------
  # These fields are combined into openssl_request_subject below.
  # `domain` and `server_name` are not defined in this file; they must be
  # supplied elsewhere (inventory, group_vars or another role).
  openvpn_key_country: "US"
  openvpn_key_province: "California"
  openvpn_key_city: "Beverly Hills"
  openvpn_key_org: "{{ domain }}"
  openvpn_key_ou: "{{ server_name }}"
  openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"

  # --- Key material and crypto parameters --------------------------------------
  # Presumably the certificate lifetime in days (1825 is about five years);
  # confirm against the tasks that call openssl. A lifetime this long only
  # works if revoking a lost or compromised client certificate is possible.
  openvpn_days_valid: "1825"
  # Bit length; it is embedded in the DH parameter file name below and is
  # presumably also the RSA key size - TODO confirm in the tasks.
  # NOTE(review): 2048 is a common minimum; a larger size may suit a CA that
  # lives as long as openvpn_days_valid suggests.
  openvpn_key_size: "2048"
  # Data-channel cipher. CBC is not an authenticated mode by itself, so
  # integrity rests on the HMAC digest set in openvpn_auth_digest.
  # NOTE(review): OpenVPN 2.4 and later also support AES-256-GCM (AEAD);
  # check client versions before changing this value.
  openvpn_cipher: "AES-256-CBC"
  openvpn_auth_digest: "SHA512"

  # --- Filesystem layout ---------------------------------------------------------
  openvpn_path: "/etc/openvpn"
  # Judging by the name, this holds the CA material - TODO confirm. If the CA
  # private key is kept here, restrict it to root and consider keeping it off
  # the VPN server.
  openvpn_ca: "{{ openvpn_path }}/ca"
  openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
  # Presumably the static key for tls-auth (OpenVPN's "HMAC firewall"). It is
  # a shared secret: every client needs a copy and it must not be
  # world-readable.
  openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"

  # --- Network settings ----------------------------------------------------------
  openvpn_server: "{{ domain }}"
  openvpn_port: "1194"
  openvpn_protocol: "udp"
  openvpn_mtu: "1300"
  # Log verbosity; use "0" for anonymity. Lower values record less about
  # connecting clients, but also leave less evidence for troubleshooting and
  # incident response.
  openvpn_verb: "3"

  # --- TLS control channel -------------------------------------------------------
  # Both values carry the directive name as well as its argument, so they are
  # presumably written into the server configuration as complete lines -
  # TODO confirm in the template.
  openvpn_tls_version_min: "tls-version-min 1.2"
  # The first three suites are ECDHE with AES-GCM; the last one is DHE with
  # AES-256-CBC and is the only non-AEAD entry.
  # NOTE(review): drop the CBC suite if no client depends on it.
  openvpn_tls_cipher: "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"

  # --- Clients and addressing ----------------------------------------------------
  # List of clients; empty by default.
  openvpn_clients: []
  # VPN network XX.XX.XX.ZZ, always a /24. Enter only XX.XX.XX here; the
  # server is always XX.XX.XX.1.
  openvpn_ip_start: "10.8.0"

  # --- Optional features -----------------------------------------------------------
  # The two enable flags are integers (0 = off), not YAML booleans. Check how
  # the templates test them before switching to true/false.
  openvpn_enable_sub_routing: 0
  openvpn_sub_routing_client: "nas"
  openvpn_sub_routing_network: "192.168.0.0"
  openvpn_enable_custom_dns: 0
  openvpn_custom_dns: ""