From 0fbee3f86b0f92f55193556945b82d51cde6d5a7 Mon Sep 17 00:00:00 2001
From: Niklas Yann Wettengel
Date: Sat, 18 Mar 2017 15:13:27 +0100
Subject: updated setup_fastd.yml added features: - configure_sysctl - install_openvpn
---
 roles/install_openvpn/templates/mullvad.conf.j2 | 59 +++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 roles/install_openvpn/templates/mullvad.conf.j2
(limited to 'roles/install_openvpn/templates/mullvad.conf.j2')
diff --git a/roles/install_openvpn/templates/mullvad.conf.j2 b/roles/install_openvpn/templates/mullvad.conf.j2
new file mode 100644
index 0000000..718ad4c
--- /dev/null
+++ b/roles/install_openvpn/templates/mullvad.conf.j2
@@ -0,0 +1,59 @@
+client
+
+dev mullvad
+dev-type tun
+
+proto udp
+
+remote {{ mullvad_country }}.mullvad.net 1300
+cipher AES-256-CBC
+
+# Tunnel IPv6 traffic as well as IPv4
+tun-ipv6
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server. Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# Enable compression on the VPN link.
+comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+remote-cert-tls server
+
+ping-restart 60
+
+# Allow calling of built-in executables and user-defined scripts.
+script-security 2
+
+# Parses DHCP options from openvpn to update resolv.conf
+#up /etc/openvpn/update-resolv-conf
+#down /etc/openvpn/update-resolv-conf
+
+ping 10
+
+ca /etc/openvpn/client/ca.crt
+cert /etc/openvpn/client/mullvad.crt
+key /etc/openvpn/client/mullvad.key
+
+crl-verify /etc/openvpn/client/crl.pem
+
+# Limit range of possible TLS cipher-suites
+tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-SEED-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
+
+# Update routing information.
+# Do not use standard configuration pushed via DHCP!
+route-noexec
+up /etc/openvpn/client/mullvad-up.sh
-- cgit v1.2.3-54-g00ecf
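Review bot: The `tls-cipher` allow-list near the end of the template is commented as limiting the cipher-suites, yet it still permits `TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA` and `TLS-DHE-RSA-WITH-SEED-CBC-SHA`, so the control channel can negotiate a 64-bit-block cipher (3DES) or a rarely reviewed one (SEED). If the provider's servers accept the stronger entries, the list could be cut to `tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA`, with a comment recording why the weaker suites were dropped. The template also sets no `tls-version-min`, so the minimum protocol version is left to the OpenVPN build's default. Separately, `comp-lzo` turns on link compression, which can leak information about tunnelled plaintext when attacker-influenced and secret data share a packet. It must match the server side, so it is worth a comment saying it is kept only for compatibility.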