wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-07 15:43:54 +02:00
Code Issues Projects Releases Wiki Activity

Disable wireguard PersistentKeepalive by default (#1338)

Browse source
This commit is contained in:
Jack Ivanov 2019-02-25 17:56:19 +01:00 committed by GitHub
parent bfe168d31c
commit 216cd09dcf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config.cfg
View file

@ -22,6 +22,10 @@ vpn_network: 10.19.48.0/24
vpn_network_ipv6: 'fd9d:bc11:4020::/48' vpn_network_ipv6: 'fd9d:bc11:4020::/48'
wireguard_enabled: true wireguard_enabled: true
wireguard_port: 51820 wireguard_port: 51820
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
# This option will keep the "connection" open in the eyes of NAT.
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
wireguard_PersistentKeepalive: 0
# Reduce the MTU of the VPN tunnel # Reduce the MTU of the VPN tunnel
# Some cloud and internet providers use a smaller MTU (Maximum Transmission # Some cloud and internet providers use a smaller MTU (Maximum Transmission

1
roles/wireguard/defaults/main.yml
View file

@ -1,3 +1,4 @@
--- ---
wireguard_PersistentKeepalive: 0
wireguard_client_ip: "{{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + index|int + 1 }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + index|int + 1 }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}" wireguard_client_ip: "{{ wireguard_network_ipv4['clients_range'] }}.{{ wireguard_network_ipv4['clients_start'] + index|int + 1 }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['clients_range'] }}{{ wireguard_network_ipv6['clients_start'] + index|int + 1 }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"
wireguard_server_ip: "{{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}" wireguard_server_ip: "{{ wireguard_network_ipv4['gateway'] }}/{{ wireguard_network_ipv4['prefix'] }}{% if ipv6_support %},{{ wireguard_network_ipv6['gateway'] }}/{{ wireguard_network_ipv6['prefix'] }}{% endif %}"

2
roles/wireguard/templates/client.conf.j2
View file

@ -9,4 +9,4 @@ DNS = {{ wireguard_dns_servers }}
PublicKey = {{ lookup('file', wireguard_config_path + '/public/' + IP_subject_alt_name) }} PublicKey = {{ lookup('file', wireguard_config_path + '/public/' + IP_subject_alt_name) }}
AllowedIPs = 0.0.0.0/0, ::/0 AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = {{ IP_subject_alt_name }}:{{ wireguard_port }} Endpoint = {{ IP_subject_alt_name }}:{{ wireguard_port }}
PersistentKeepalive = 25 {{ 'PersistentKeepalive = ' + wireguard_PersistentKeepalive|string if wireguard_PersistentKeepalive > 0 else '' }}