| 1234567891011121314151617181920212223242526272829303132 |
- # Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html
- # Check privacy: http://witch.valdikss.org.ru/
-
- openvpn_key_country: "US"
- openvpn_key_province: "California"
- openvpn_key_city: "Beverly Hills"
- openvpn_key_org: "{{ domain }}"
- openvpn_key_ou: "{{ server_name }}"
- openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"
-
- openvpn_days_valid: "1825"
- openvpn_key_size: "2048"
- openvpn_cipher: "AES-256-CBC"
- openvpn_auth_digest: "SHA512"
- openvpn_path: "/etc/openvpn"
- openvpn_ca: "{{ openvpn_path }}/ca"
- openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"
- openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"
- openvpn_server: "{{ domain }}"
- openvpn_port: "1194"
- openvpn_protocol: "udp"
- openvpn_mtu: "1300"
- openvpn_verb: "3" # "0" for anonymity
- openvpn_tls_version_min: "tls-version-min 1.2"
- openvpn_tls_cipher: "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
- openvpn_clients: []
- openvpn_ip_start: "10.8.0" # VPN Net XX.XX.XX.ZZ, server is always XX.XX.XX.1. Enter XX.XX.XX here. using /24
- openvpn_enable_sub_routing: 0
- openvpn_sub_routing_client: "nas"
- openvpn_sub_routing_network: "192.168.0.0"
- openvpn_enable_custom_dns: 0
- openvpn_custom_dns: ""
|
