-
Notifications
You must be signed in to change notification settings - Fork 1
/
environment.conf
112 lines (87 loc) · 4.46 KB
/
environment.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# This is the main configuration file for the charon environment. This file needs to be configured before
# building the full environment using the "make all" command. Once the build has been completed, you
# can start the system by running "docker-compose up"
#
# Charon will attempt to detect the external IP address of the server. If that fails, or if the value is incorrect,
# please uncomment this variable and set the correct value. It should also be used if, instead of an IP address, you
# wish to use a DNS name.
#OVPN_PUBLIC_IP_ADDRESS=
# UDP port number for the OVPN server.
# Change it if your ISP provider blocks this outgoing port. Otherwise, it should be fine.
OVPN_PUBLIC_PORT=1194
# NAS port value to identify the OVPN server (as a client) to the FreeRadius server.
# The default value should not be changed. Only change if you have multiple OVPN servers.
OVPN_NAS_PORT=5
# Symmetric encryption used by OVPN. Consult the documentation for the list of supported ciphers.
# Currently, this is the strongest available. You may want to reduce it, if your client doesn't support this key size.
OVPN_CIPHER=AES-256-CBC
# Digest used by OVPN. The same remarks apply as for the symmetric encryption algorithm.
OVPN_DIGEST=SHA256
# UDP port for FreeRadius authentication.
# The default value should not be changed.
RADIUS_AUTHENTICATION_PORT=1812
# UDP port for FreeRadius accounting.
# The default value should not be changed.
RADIUS_ACCOUNTING_PORT=1813
# FreeRadius shared secret. Choose a strong password.
RADIUS_SHARED_SECRET=TheNumberOfTheBeast
# Status file for OVPN. Used to read session information.
OVPN_CLIENT_STATUS_FILE=/var/log/openvpn/openvpn-status.log
# Directory used to store client session information.
OVPN_CCD_DIRECTORY=/etc/openvpn/ccd
# Network address for client addresses
# NOTE: Do not use 10.41.0.0/16, since this block is used internally to interconnect the components
OVPN_CLIENT_POOL_NETWORK=10.51.15.0
# Network mask for client addresses, the default value should be more than enough.
OVPN_CLIENT_POOL_NETMASK=255.255.255.0
# Directory used by the accounting subprocess to store internal files.
PLUGIN_SESSIONS_DIRECTORY=/etc/openvpn/sessions
# Client DNS. Change if you have your own local DNS server. Otherwise, the default is fine.
# If you have only one address, leave the other one set to a publicly available DNS server (e.g. 8.8.8.8).
OVPN_DNS_1=8.8.8.8
OVPN_DNS_2=8.8.4.4
# Internal TCP port used to receive requests from the OVPN plugin.
# This is an interface that is only visible from within the container.
PLUGIN_INTERNAL_TCP_PORT=9000
# Shared secret for signing messages between the plugin and the accounting process.
# Although the messages are passed within the same container, pick a strong password.
PLUGIN_INTERNAL_SHARED_SECRET=SeventhSonOfTheSeventhSon
# Location on the HOST machine for files that need to be available after the containers go down
PERSISTENT_VOLUME_DIRECTORY=/opt/charon
# Information required to work with certificates - root CA
KEY_LENGTH=4096
KEY_PASSWORD=FearOfTheDark
CA_CERTIFICATE_DURATION_DAYS=3650
ROOT_CA_CN="Charon Certification Authority"
ROOT_CA_L=Cologne
ROOT_CA_OU="Charon Root CA"
ROOT_CA_O=Charon
ROOT_CA_ST=Nordrhein-Westfalen
ROOT_CA_C=DE
# Information required to work with certificates - VPN CA
OVPN_CA_CN="Charon VPN server"
# Information required to create the SSL certificate for the web server
WEB_SERVER_KEYSTORE_PASSWORD=TheLonelinessOfTheLongDistanceRunner
# Length of the prime number for Diffie-Hellman params
# The larger the number, the longer the generation is going to take.
# 2048 should be the minimum.
DH_PARAM_LENGTH=2048
# REST endpoint or name - port for the web application.
# Change this only if something else is already listening on this port.
# Otherwise, changing it makes everything more complicated.
REST_ENDPOINT_PORT=443
# root password for MySQL. This is used only to initialize the database for FreeRadius
MYSQL_ROOT_PASSWORD=TheEvilThatMenDo
# radius password for MySQL
MYSQL_RADIUS_PASSWORD=RimeOfTheAncientMariner
# MySQL information for the web application
MYSQL_WEBAPP_PASSWORD=HallowedBeThyName
MYSQL_WEBAPP_USERNAME=webapp
# Timezone of the server
SERVER_TIMEZONE=Europe/Berlin
# Information about the initial user of the application
# This user will also be the first admin of the system
# This user will not get a certificate, because the web application packages the archive.
# After you login for the first time, generate a certificate for this user.
ADMIN_USERNAME=ognjen
ADMIN_PASSWORD=BraveNewWorld