mirror of
https://github.com/trailofbits/algo.git
synced 2025-04-25 02:32:43 +02:00
0ef1b5d8da
Though the algo ssh key names are in the config file at the bottom, they don't seem to be displayed, and are easy to miss for new users.
86 lines
2.4 KiB
INI
86 lines
2.4 KiB
INI
---
|
|
|
|
# Add as many users as you want for your VPN server here
|
|
users:
|
|
- dan
|
|
- jack
|
|
|
|
# Add an email address to send logs if you're using auditd for monitoring.
|
|
# Avoid using '+' in your email address otherwise auditd will fail to start.
|
|
auditd_action_mail_acct: email@example.com
|
|
|
|
### Advanced users only below this line ###
|
|
|
|
easyrsa_dir: /opt/easy-rsa-ipsec
|
|
easyrsa_ca_expire: 3650
|
|
easyrsa_cert_expire: 3650
|
|
|
|
# If True re-init all existing certificates. (True or False)
|
|
easyrsa_reinit_existent: False
|
|
|
|
vpn_network: 10.19.48.0/24
|
|
vpn_network_ipv6: 'fd9d:bc11:4020::/48'
|
|
# https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
|
|
server_name: "{{ ansible_ssh_host }}"
|
|
IP_subject_alt_name: "{{ ansible_ssh_host }}"
|
|
|
|
dns_servers:
|
|
ipv4:
|
|
- 8.8.8.8
|
|
- 8.8.4.4
|
|
ipv6:
|
|
- 2001:4860:4860::8888
|
|
- 2001:4860:4860::8844
|
|
|
|
strongswan_enabled_plugins:
|
|
- aes
|
|
- gcm
|
|
- hmac
|
|
- kernel-netlink
|
|
- nonce
|
|
- openssl
|
|
- pem
|
|
- pgp
|
|
- pkcs12
|
|
- pkcs7
|
|
- pkcs8
|
|
- pubkey
|
|
- random
|
|
- revocation
|
|
- sha2
|
|
- socket-default
|
|
- stroke
|
|
- x509
|
|
|
|
ec2_vpc_nets:
|
|
cidr_block: 172.251.0.0/23
|
|
subnet_cidr: 172.251.1.0/24
|
|
|
|
# IP address for the proxy and the local dns resolver
|
|
local_service_ip: 172.16.0.1
|
|
|
|
pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
|
|
VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
|
|
CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
|
|
|
|
# Block traffic between connected clients
|
|
|
|
BetweenClients_DROP: Y
|
|
|
|
congrats: |
|
|
"#----------------------------------------------------------------------#"
|
|
"# Congratulations! #"
|
|
"# Your Algo server is running. #"
|
|
"# Config files and certificates are in the ./configs/ directory. #"
|
|
"# Go to https://whoer.net/ after connecting #"
|
|
"# and ensure that all your traffic passes through the VPN. #"
|
|
"# Local DNS resolver and Proxy IP address: {{ local_service_ip }} #"
|
|
"# The p12 password is {{ easyrsa_p12_export_password }} #"
|
|
"# The CA key password is {{ easyrsa_CA_password }} #"
|
|
"# Shell access: ssh -i algo.pem root@{{ ansible_ssh_host }} #"
|
|
"#----------------------------------------------------------------------#"
|
|
|
|
SSH_keys:
|
|
comment: algo@ssh
|
|
private: configs/algo.pem
|
|
public: configs/algo.pem.pub
|