thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1072 Commits
1 Branch
Tree: ee0f739b1d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ee0f739b1d'
${ noResults }
sovereign/roles/vpn/defaults/main.yml

main.yml 1.1KB
History Raw

12345678910111213141516171819202122232425262728 
  1. # Notes about security: https://blog.g3rt.nl/openvpn-security-tips.html

  2. # Check privacy: http://witch.valdikss.org.ru/

  3. 

  4. openvpn_ip_start: "10.8.0"

  5. 

  6. openvpn_key_country:  "US"

  7. openvpn_key_province: "California"

  8. openvpn_key_city: "Beverly Hills"

  9. openvpn_key_org: "{{ domain }}"

  10. openvpn_key_ou: "{{ server_name }}"

  11. openssl_request_subject: "/C={{ openvpn_key_country }}/ST={{ openvpn_key_province }}/L={{ openvpn_key_city }}/O={{ openvpn_key_org }}/OU={{ openvpn_key_ou }}"

  12. 

  13. openvpn_days_valid: "1825"

  14. openvpn_key_size: "2048"

  15. openvpn_cipher: "AES-256-CBC"

  16. openvpn_auth_digest: "SHA512"

  17. openvpn_path: "/etc/openvpn"

  18. openvpn_ca: "{{ openvpn_path }}/ca"

  19. openvpn_dhparam: "{{ openvpn_path }}/dh{{ openvpn_key_size }}.pem"

  20. openvpn_hmac_firewall: "{{ openvpn_path }}/ta.key"

  21. openvpn_server: "{{ domain }}"

  22. openvpn_port: "1194"

  23. openvpn_protocol: "udp"

  24. openvpn_mtu: "1300"

  25. openvpn_verb: "3" # "0" for anonymity

  26. openvpn_tls_version_min: "tls-version-min 1.2"

  27. openvpn_tls_cipher: "tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"

  28. openvpn_clients: []