path: root/bin/helpers/algo-config.diff
blob: efcc7fd8e21ffc4daff3651583c2287b74d13043 (plain) (blame)
diff --git i/config.cfg w/config.cfg
index bee023f..c23c723 100644
--- i/config.cfg
+++ w/config.cfg
@@ -6,9 +6,12 @@
 # User names with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
 # Email addresses are not allowed.
 users:
+  - hush
+  - partofme
   - phone
-  - laptop
-  - desktop
+  - tozt
+  - mail
+  - hornet
 
 ### Review these options BEFORE you run Algo, as they are very difficult/impossible to change after the server is deployed.
 
@@ -17,7 +20,7 @@ users:
 ssh_port: 4160
 
 # Deploy StrongSwan to enable IPsec support
-ipsec_enabled: true
+ipsec_enabled: false
 
 # Deploy WireGuard
 # WireGuard will listen on 51820/UDP. You might need to change to another port
@@ -40,7 +43,7 @@ alternative_ingress_ip: false
 # automatically based on your server, but if connections hang you might need to
 # adjust this yourself.
 # See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
-reduce_mtu: 0
+reduce_mtu: 184
 
 # Algo will use the following lists to block ads. You can add new block lists
 # after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
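Review bot: `reduce_mtu: 184` is a bare number with no record of how it was chosen, and the comment above it says the value is normally calculated automatically and only overridden when connections hang. A reduction this large lowers throughput for every client, so whoever redeploys this server needs to know which link it was measured for. I would add a comment directly above the setting, e.g. `# 184 measured for <uplink or provider>; re-test and lower if the server moves`.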
@@ -59,7 +62,7 @@ dns_encryption: true
 # connected clients to reach each other, as well as other computers on the
 # same LAN as your Algo server (i.e. the "road warrior" setup). In this
 # case, you may also want to enable SMB/CIFS and NETBIOS traffic below.
-BetweenClients_DROP: true
+BetweenClients_DROP: false
 
 # Block SMB/CIFS traffic
 block_smb: true
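Review bot: Setting `BetweenClients_DROP: false` removes isolation between VPN clients, so each of the six entries now listed under `users:` can open connections to the others, and one compromised device or leaked client key exposes all of them. The context line `block_smb: true` still limits file-sharing traffic, but every other port on a peer is reachable. If only some peers need to reach each other, keeping the default and allowing just that traffic would be the narrower choice, though whether this config offers a setting for that is not visible here. Otherwise record the reason next to the setting, e.g. `# clients must reach each other (<reason>); each client's host firewall is the remaining control`.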
@@ -73,7 +76,7 @@ block_netbios: true
 # which case a reboot will take place if necessary at the time specified (as
 # HH:MM) in the time zone of your Algo server. The default time zone is UTC.
 unattended_reboot:
-  enabled: false
+  enabled: true
   time: 06:00
 
 ### Advanced users only below this line ###
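Review bot: With `enabled: true` the `time: 06:00` line below it becomes live, and it is an unquoted digits-and-colon scalar. As far as I can tell `06:00` stays a string under YAML 1.1 loaders only because of its leading zero; a later edit to a value such as `16:00` would likely be read as a base-60 integer instead. Quoting it as `time: "06:00"` removes that trap. The comment above says the time is in the server's time zone (UTC by default), so it is also worth noting beside the value that all VPN clients are disconnected at that moment whenever a reboot is needed.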
@@ -122,7 +125,7 @@ strongswan_network_ipv6: '2001:db8:4160::/48'
 # If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
 # This option will keep the "connection" open in the eyes of NAT.
 # See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
-wireguard_PersistentKeepalive: 0
+wireguard_PersistentKeepalive: 25
 
 # WireGuard network configuration
 wireguard_network_ipv4: 10.49.0.0/16