.wireguard-auth.yaml
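---
# Configuration for the WireGuard auth service.
#
# NOTE(review): the nesting below is reconstructed from how the keys are
# grouped (server / smtp / mfa / splunk / loki / clientConfig). Without it the
# keys `enabled`, `server` and `port` repeat at one level and most parsers
# silently keep only the last value. Confirm against the loader's schema.
#
# This file holds several long-lived credentials in plaintext (privateKey,
# mfa.skey, splunk.token, loki.basicAuth, smtp.password). Keep the deployed
# copy readable only by the service account, and keep real values out of
# version control.

syncInterval: 60
ipPoolStart: 172.20.0.2
region: us-west-2
dynamoDBTable: ops-vpn

# Allow internet on full tunnel connections. If true, also adds a deny for
# RFC1918 networks.
# NOTE(review): both entries under clientConfig.routes are RFC1918 ranges;
# confirm how that deny interacts with the routes pushed to users.
allowInternet: true

server:
  extInterface: ens5
  wgInterface: wg0
  # WireGuard private key of the server interface. Anyone who can read it can
  # impersonate this endpoint to clients; rotate it if the file is exposed.
  privateKey: 'ABCD1234789278930091237='
  port: 51820

smtp:
  enabled: true
  from: 'DevOps <[email protected]>'
  server: smtp.example.com
  # Port 25 with authLogin disabled: per `body`, the VPN profile is sent as an
  # attachment over this relay.
  # NOTE(review): a WireGuard profile normally carries the client's private
  # key; confirm the relay enforces TLS, since nothing here shows that it does.
  port: 25
  body: "Attached is your VPN profile. Please open with the Wireguard GUI"
  authLogin: false
  username: ""
  password: ""

# For duo MFA
mfa:
  ikey: 'HUIOUIQIOWEIOMQWIOE'
  # Duo secret key: a credential, not an identifier. Handle like a password.
  skey: 'cjiejieu1AjLjZ92920GbNokeoikeokokeoiI'
  host: api-123456.duosecurity.com

splunk:
  enabled: false
  # Credential for the Splunk endpoint; still sensitive while `enabled` is
  # false if the token itself is valid.
  token: 'abcd-1234-1234-abcd-12345'
  server: splunk.example.com
  index: main
  source: vpn
  sourcetype: audit

loki:
  enabled: true
  pushURL: https://domain.com/loki/api/v1/push
  # Basic-auth pair for the push endpoint. Quoted so the colon-separated value
  # is always read as one string.
  basicAuth: '12345:eyJtoken'

clientConfig:
  # Routes to be pushed to user
  routes:
    - 172.16.0.0/12
    - 10.128.0.0/10
  # NOTE(review): a public resolver will not answer for names that exist only
  # on the private ranges routed above, and client lookups leave the tunnel's
  # trust boundary. Confirm this is intended.
  dns: 8.8.8.8
  # server address and port
  serverAddress: 'wireguard.example.com:51820'

# Rule profiles. Easily add in certain groups. Proto and port are optional.
# NOTE(review): the nesting level of ruleProfiles is not recoverable from this
# listing; confirm before uncommenting. The last entry has no proto/port, which
# presumably permits all traffic to that route; verify before relying on it.
# ruleProfiles:
#   supportUsers:
#     - route: 10.190.0.0/24
#       proto: tcp
#       port: 80
#     - route: 10.190.0.0/24
#       proto: tcp
#       port: 443
#     - route: 172.16.0.0/24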