blob: 0d054ab08024346351392d8e8d313d91446c5ff6 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
diff --git i/config.cfg w/config.cfg
index bf65e45..1dedb60 100644
--- i/config.cfg
+++ w/config.cfg
@@ -5,9 +5,11 @@
# You can generate up to 250 users at one time.
# Usernames with leading 0's or containing only numbers should be escaped in double quotes, e.g. "000dan" or "123".
users:
+ - hush
+ - partofme
- phone
- - laptop
- - desktop
+ - tozt
+ - mail
### Advanced users only below this line ###
@@ -22,7 +24,7 @@ keys_clean_all: False
clean_environment: false
# Deploy StrongSwan to enable IPsec support
-ipsec_enabled: true
+ipsec_enabled: false
# StrongSwan log level
# https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
@@ -40,7 +42,7 @@ wireguard_port: 51820
# If you're behind NAT or a firewall and you want to receive incoming connections long after network traffic has gone silent.
# This option will keep the "connection" open in the eyes of NAT.
# See: https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
-wireguard_PersistentKeepalive: 0
+wireguard_PersistentKeepalive: 25
# WireGuard network configuration
wireguard_network_ipv4: 10.19.49.0/24
@@ -53,7 +55,7 @@ wireguard_network_ipv6: fd9d:bc11:4021::/48
# automatically based on your server, but if connections hang you might need to
# adjust this yourself.
# See: https://github.com/trailofbits/algo/blob/master/docs/troubleshooting.md#various-websites-appear-to-be-offline-through-the-vpn
-reduce_mtu: 0
+reduce_mtu: 184
# Algo will use the following lists to block ads. You can add new block lists
# after deployment by modifying the line starting "BLOCKLIST_URLS=" at:
@@ -102,11 +104,11 @@ local_service_ipv6: "{{ 'fd00::1' | ipmath(1048573 | random(seed=algo_server_nam
# which case a reboot will take place if necessary at the time specified (as
# HH:MM) in the time zone of your Algo server. The default time zone is UTC.
unattended_reboot:
- enabled: false
+ enabled: true
time: 06:00
# Block traffic between connected clients
-BetweenClients_DROP: true
+BetweenClients_DROP: false
congrats:
common: |
|