mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-19 15:47:11 +02:00
i dunno lol
This commit is contained in:
Dan Guido
parent
c4f39262af
commit
e2f4f8704e
1 changed files with 3 additions and 3 deletions
6
vpn.yml
6
vpn.yml
|
|
@ -11,10 +11,10 @@
|
|||
- name: Do not accept ICMP redirects (prevent MITM attacks)
|
||||
sysctl: name=net.ipv4.conf.all.accept_redirects value=0
|
||||
|
||||
- name: Do not accept ICMP redirects (prevent MITM attacks)
|
||||
- name: Do not send ICMP redirects (we are not a router)
|
||||
sysctl: name=net.ipv4.conf.all.send_redirects value=0
|
||||
|
||||
- name: Needed so that IPSEC traffic can traverse the tunnel
|
||||
- name: Configure iptables so IPSec traffic can traverse the tunnel
|
||||
iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
|
||||
|
||||
- name: Setup the ipsec.conf file from our template
|
||||
|
|
@ -25,4 +25,4 @@
|
|||
register: ipsec_psk
|
||||
|
||||
- name: Setup the ipsec.secrets file with users and passwords
|
||||
template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=600
|
||||
template: src=ipsec.secrets.j2 dest=/etc/ipsec.secrets owner=root group=root mode=600
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue