thomas
/
sovereign
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Keine Beschreibung
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
22 Commits
1 Branch
Struktur: adfd624617
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „adfd624617“
${ noResults }
sovereign/roles/vpn/tasks/openvpn.yml

openvpn.yml 2.0KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. ---

  2. # Installs the OpenVPN virtual private network server.

  3. # ref: https://library.linode.com/networking/openvpn/debian-6-squeeze

  4. 

  5. - name: Install OpenVPN and dependencies from apt

  6.   apt: pkg=$item state=installed

  7.   with_items:

  8.     - openvpn

  9.     - udev

  10.     - dnsmasq

  11. 

  12. - name: Copy setup scripts into place

  13.   command: cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn

  14. 

  15. - name: Put easy-rsa parameter settings in place

  16.   template: src=etc_openvpn_easy-rsa_2.0_vars.j2 dest=/etc/openvpn/easy-rsa/2.0/vars

  17. 

  18. ###### manually:

  19. # cd /etc/openvpn/easy-rsa/2.0/

  20. # . /etc/openvpn/easy-rsa/2.0/vars

  21. # . /etc/openvpn/easy-rsa/2.0/clean-all

  22. # . /etc/openvpn/easy-rsa/2.0/build-ca

  23. # . /etc/openvpn/easy-rsa/2.0/build-key-server server

  24. #

  25. # for each client:

  26. # . /etc/openvpn/easy-rsa/2.0/build-key $client_name

  27. #####

  28. 

  29. - name: Generate Diffie-Hellman parameters

  30.   command: . /etc/openvpn/easy-rsa/2.0/build-dh creates=/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

  31. 

  32. - name: Copy certificates and key files into place

  33.   command: cp /etc/openvpn/easy-rsa/2.0/keys/$item /etc/openvpn creates=/etc/openvpn/$item

  34.   with_items:

  35.     - ca.crt

  36.     - ca.key

  37.     - dh1024.pem

  38.     - server.crt

  39.     - server.key

  40. 

  41. - name: Copy rc.local with firewall and dnsmasq rules into place

  42.   copy: src=etc_rc.local dest=/etc/rc.local

  43. 

  44. - name: Enable IPv4 traffic forwarding

  45.   lineinfile: dest=/etc/sysctl.conf regexp="^net.ipv4.ip_forward" line="net.ipv4.ip_forward=1"

  46. - command: echo 1 > /proc/sys/net/ipv4/ip_forward

  47. 

  48. - name: Allow OpenVPN through firewall

  49.   command: $item

  50.   with_items:

  51.     - iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

  52.     - iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT

  53.     - iptables -A FORWARD -j REJECT

  54.     - iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

  55. 

  56. - name: Copy OpenVPN configuration file into place

  57.   template: src=etc_openvpn_server.conf.j2 dest=/etc/openvpn/server.conf

  58.   notify: restart openvpn

  59. 

  60. - name: Copy dnsmasq configuration file into place

  61.   copy: src=etc_dnsmasq.conf dest=/etc/dnsmasq.conf

  62.   notify: restart dnsmasq