author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2017-03-18 15:13:27 +0100 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2017-03-18 15:13:27 +0100 |
commit | 0fbee3f86b0f92f55193556945b82d51cde6d5a7 (patch) | |
tree | 2c276aa4f2ecec0bc179340bc501f48173c81453 /roles/install_openvpn/templates | |
parent | eb9f51f61817043d5fb3609fad922c48f84b887d (diff) |
updated setup_fastd.yml
added features:
- configure_sysctl
- install_openvpn
Diffstat (limited to 'roles/install_openvpn/templates')
-rw-r--r-- | roles/install_openvpn/templates/mullvad.conf.j2 | 59 | ||||
-rw-r--r-- | roles/install_openvpn/templates/mullvad.crt.j2 | 1 | ||||
-rw-r--r-- | roles/install_openvpn/templates/mullvad.key.j2 | 1 |
3 files changed, 61 insertions, 0 deletions
diff --git a/roles/install_openvpn/templates/mullvad.conf.j2 b/roles/install_openvpn/templates/mullvad.conf.j2
new file mode 100644
index 0000000..718ad4c
--- /dev/null
+++ b/roles/install_openvpn/templates/mullvad.conf.j2
@@ -0,0 +1,59 @@
+client
+
+dev mullvad
+dev-type tun
+
+proto udp
+
+remote {{ mullvad_country }}.mullvad.net 1300
+cipher AES-256-CBC
+
+# Tunnel IPv6 traffic as well as IPv4
+tun-ipv6
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Enable compression on the VPN link.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+remote-cert-tls server
+
+ping-restart 60
+
+# Allow calling of built-in executables and user-defined scripts.
+script-security 2
+
+# Parses DHCP options from openvpn to update resolv.conf
+#up /etc/openvpn/update-resolv-conf
+#down /etc/openvpn/update-resolv-conf
+
+ping 10
+
+ca /etc/openvpn/client/ca.crt
+cert /etc/openvpn/client/mullvad.crt
+key /etc/openvpn/client/mullvad.key
+
+crl-verify /etc/openvpn/client/crl.pem
+
+# Limit range of possible TLS cipher-suites
+tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+
+# Update routing information.
+# Do not use standard configuration pushed via DHCP!
+route-noexec
+up /etc/openvpn/client/mullvad-up.sh
diff --git a/roles/install_openvpn/templates/mullvad.crt.j2 b/roles/install_openvpn/templates/mullvad.crt.j2
new file mode 100644
index 0000000..b6e95f8
--- /dev/null
+++ b/roles/install_openvpn/templates/mullvad.crt.j2
@@ -0,0 +1 @@
+{{ mullvad_crt }}
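Review bot: In mullvad.conf.j2 the `tls-cipher` line still admits `TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA` (a 64-bit-block cipher) and `TLS-DHE-RSA-WITH-SEED-CBC-SHA`, which undercuts the "Limit range of possible TLS cipher-suites" comment above it; unless the provider's servers are known to require them, drop those two entries and keep the AES/Camellia suites. `comp-lzo` is also worth a comment or removal, since compressing before encryption can leak information about plaintext through packet sizes when part of the traffic is attacker-influenced, though it has to match what the server expects. Lastly, `script-security 2` together with `up /etc/openvpn/client/mullvad-up.sh` runs that script with the daemon's privileges and no `user`/`group` drop is configured; the script is not part of this view, so confirm it is deployed root-owned and not group- or world-writable.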
diff --git a/roles/install_openvpn/templates/mullvad.key.j2 b/roles/install_openvpn/templates/mullvad.key.j2
new file mode 100644
index 0000000..b90d5f5
--- /dev/null
+++ b/roles/install_openvpn/templates/mullvad.key.j2
@@ -0,0 +1 @@
+{{ mullvad_key }} |
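Review bot: `{{ mullvad_key }}` renders the client private key verbatim, and nothing in the template documents how that secret is expected to be supplied or protected; a leading Jinja comment such as `{# private key: define mullvad_key in a vault-encrypted vars file; deploy with mode 0600 #}` would make the requirement explicit. The task that renders this template and the place where the variable is defined are outside this view (the diffstat is limited to the templates directory), so this is a point to verify rather than a confirmed defect. That task should set `owner: root` and `mode: '0600'` on `/etc/openvpn/client/mullvad.key` and use `no_log: true`, so the key is neither world-readable on the host nor echoed in `--diff` or verbose output.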