From aa56bf6523aaf4b99ed1fc6fa467bda5551e59bf Mon Sep 17 00:00:00 2001 From: Jesse Luehrs Date: Fri, 24 Apr 2020 02:14:09 -0400 Subject: update algo config diff --- bin/helpers/algo-config.diff | 52 ++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 24 deletions(-) (limited to 'bin/helpers') diff --git a/bin/helpers/algo-config.diff b/bin/helpers/algo-config.diff index 0d054ab..e8181a4 100644 --- a/bin/helpers/algo-config.diff +++ b/bin/helpers/algo-config.diff @@ -1,10 +1,10 @@ diff --git i/config.cfg w/config.cfg -index bf65e45..1dedb60 100644 +index 6446398..671062a 100644 --- i/config.cfg +++ w/config.cfg -@@ -5,9 +5,11 @@ - # You can generate up to 250 users at one time. +@@ -6,9 +6,11 @@ # Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123". + # Emails are not allowed users: + - hush + - partofme 
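Review bot: The regenerated header `index 6446398..671062a` identifies only the config.cfg blob, so neither the patch nor the commit message says which upstream Algo revision this helper now targets. Several of the values it overrides are security defaults (`ipsec_enabled`, `BetweenClients_DROP`, `unattended_reboot`), and upstream appears to have moved them between sections in this update. I would name the upstream commit in the message, e.g. `update algo config diff for algo <upstream-commit>`. The step that applies this file is not visible here; it should stop on fuzz or rejected hunks rather than deploy with a partly applied config.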
@@ -14,27 +14,18 @@ index bf65e45..1dedb60 100644 + - tozt + - mail - ### Advanced users only below this line ### + ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed. -@@ -22,7 +24,7 @@ keys_clean_all: False - clean_environment: false +@@ -17,7 +19,7 @@ users: + ssh_port: 4160 # Deploy StrongSwan to enable IPsec support -ipsec_enabled: true +ipsec_enabled: false - # StrongSwan log level - # https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration -@@ -40,7 +42,7 @@ wireguard_port: 51820 - # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent. - # This option will keep the "connection" open in the eyes of NAT. - # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence --wireguard_PersistentKeepalive: 0 -+wireguard_PersistentKeepalive: 25 - - # WireGuard network configuration - wireguard_network_ipv4: 10.19.49.0/24 -@@ -53,7 +55,7 @@ wireguard_network_ipv6: fd9d:bc11:4021::/48 + # Deploy WireGuard + # WireGuard will listen on 51820/UDP. You might need to change to another port +@@ -40,7 +42,7 @@ alternative_ingress_ip: false # automatically based on your server, but if connections hang you might need to # adjust this yourself. # See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn 
@@ -43,7 +34,16 @@ index bf65e45..1dedb60 100644 # Algo will use the following lists to block ads. You can add new block lists # after deployment by modifying the line starting "BLOCKLIST_URLS=" at: -@@ -102,11 +104,11 @@ local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_nam +@@ -60,7 +62,7 @@ dns_encryption: true + # connected clients to reach each other, as well as other computers on the + # same LAN as your Algo server (i.e. the "road warrior" setup). In this + # case, you may also want to enable SMB/CIFS and NETBIOS traffic below. +-BetweenClients_DROP: true ++BetweenClients_DROP: false + + # Block SMB/CIFS traffic + block_smb: true +@@ -74,7 +76,7 @@ block_netbios: true # which case a reboot will take place if necessary at the time specified (as # HH:MM) in the time zone of your Algo server. The default time zone is UTC. unattended_reboot: @@ -51,9 +51,13 @@ index bf65e45..1dedb60 100644 + enabled: true time: 06:00 - # Block traffic between connected clients --BetweenClients_DROP: true -+BetweenClients_DROP: false + ### Advanced users only below this line ### +@@ -122,7 +124,7 @@ strongswan_network_ipv6: 'fd9d:bc11:4020::/48' + # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent. + # This option will keep the "connection" open in the eyes of NAT. + # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence +-wireguard_PersistentKeepalive: 0 ++wireguard_PersistentKeepalive: 25 - congrats: - common: | + # WireGuard network configuration + wireguard_network_ipv4: 10.19.49.0/24 -- cgit v1.2.3-54-g00ecf
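Review bot: `BetweenClients_DROP: false` in the relocated config.cfg hunk (added at `@@ -60,7 +62,7 @@`, removed from its old position in the next hunk) turns off client isolation, and nothing records why. With it off, every profile in the `users` list can reach the others and, per the upstream comment, other hosts on the server's LAN, so one compromised device or leaked client key exposes the rest. The context lines keep `block_smb: true` and `block_netbios: true`, which is worth preserving. If client-to-client access is intended, state it in the commit message or in a preamble line above `diff --git i/config.cfg w/config.cfg` (patch tools normally skip text before the first file header), for example `# BetweenClients_DROP off on purpose: own devices only; SMB/NetBIOS stay blocked`.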