1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
{
"service_type": "user_service",
"x509": {
"use": true,
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
"dh": "= file :dh_params, :missing => 'Diffie-Hellman parameters. Run `leap cert dh`'"
},
"location": null,
"openvpn": {
"gateway_address": "REQUIRED",
"second_gateway_address": "= openvpn.allow_limited && openvpn.allow_unlimited ? 'REQUIRED' : nil",
"ports": ["80", "443", "53", "1194"],
"protocols": ["tcp", "udp"],
"filter_dns": false,
"adblock": false,
"user_ips": false,
"allow_limited": "= provider.service.allow_limited_bandwidth",
"allow_unlimited": "= provider.service.allow_unlimited_bandwidth",
"limited_prefix": "= provider.ca.client_certificates.limited_prefix",
"unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix",
"rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil",
"configuration": {
"tls-cipher": "DHE-RSA-AES128-SHA",
"auth": "SHA1",
"cipher": "AES-128-CBC",
"keepalive": "10 30",
"tun-ipv6": true,
"fragment": 1500
}
},
"obfsproxy": {
"scramblesuit": {
"password": "= base32_secret('scramblesuit_password_'+name)",
"port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
},
"gateway_address": "= openvpn.gateway_address"
},
"firewall": {
"vpn": {
"from": "*",
"to": "= openvpn.gateway_address",
"port": "= openvpn.ports + [obfsproxy.scramblesuit.port]"
}
}
}
|
