From 07356697c8f679e43d42f4d19d9961d6e44225fe Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 26 Aug 2018 17:03:54 -0500 Subject: [PATCH] roles/dch-openvpn-server: Use firemon_networks The routes to FireMon networks are now defined using the `firemon_networks` Ansible variable. The client-specific `iroute` (client config directory) and global server `route` options are generated from the CIDR blocks specified in this list. --- roles/dch-openvpn-server/tasks/main.yml | 6 +++--- .../clients/dhatch-d4b.securepassage.com.j2} | 6 +++--- .../templates/pyrocufflink.openvpn.conf.j2 | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) rename roles/dch-openvpn-server/{files/clients/dhatch-d4b.securepassage.com => templates/clients/dhatch-d4b.securepassage.com.j2} (57%) diff --git a/roles/dch-openvpn-server/tasks/main.yml b/roles/dch-openvpn-server/tasks/main.yml index d4c6bdb..f61a137 100644 --- a/roles/dch-openvpn-server/tasks/main.yml +++ b/roles/dch-openvpn-server/tasks/main.yml @@ -24,12 +24,12 @@ mode=0755 state=directory - name: ensure openvpn client config files are set - copy: + template: src={{ item }} - dest=/etc/openvpn/server/clients/{{ item|basename }} + dest=/etc/openvpn/server/clients/{{ (item|basename|splitext)[0] }} mode=0640 notify: restart pyrocufflink openvpn server - with_fileglob: 'clients/*' + with_fileglob: '../templates/clients/*.j2' - name: ensure openvpn ca certificate is installed copy: diff --git a/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com b/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2 similarity index 57% rename from roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com rename to roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2 index 877e1e6..748d0d9 100644 --- a/roles/dch-openvpn-server/files/clients/dhatch-d4b.securepassage.com +++ b/roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2
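Review bot: Nothing in this task removes a client config file whose template has gone away — `with_fileglob` only ever adds — so if a template under `templates/clients/` is later renamed or deleted, the old `/etc/openvpn/server/clients/<name>` stays in place with its `ifconfig-push`/`iroute` lines and, since OpenVPN selects CCD entries by certificate CN, keeps granting those networks to whatever certificate still carries that name. I'd either pair this task with a prune step (a `find` on `/etc/openvpn/server/clients` followed by `file: state=absent` for anything not produced by the glob) or at least record the limitation above the task: `# NOTE: stale client config files are not pruned; remove them by hand when a client template is renamed or dropped`. The glob `../templates/clients/*.j2` also deserves a one-line comment saying it relies on `with_fileglob` resolving relative to the role's `files/` directory, since it reads like a path escape. The task that follows (`ensure openvpn ca certificate is installed`) continues outside the hunk.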
@@ -1,6 +1,6 @@
 ifconfig-push 172.30.0.210 255.255.255.240
-iroute 192.168.0.0 255.255.0.0
-iroute 172.16.0.0 255.255.240.0
-iroute 172.28.33.0 255.255.255.0
+{% for net in firemon_networks %}
+iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }}
+{% endfor %}
 push "route 172.30.0.0 255.255.255.192 172.30.0.209"
 push "route 172.31.0.0 255.255.255.224 172.30.0.209"
diff --git a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2 b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
index e26f79b..2fdfff8 100644
--- a/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
+++ b/roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2
@@ -12,9 +12,9 @@ dh dh2048.pem
 topology subnet
 push "topology subnet"
 ifconfig 172.30.0.209 255.255.255.240
-route 192.168.0.0 255.255.0.0 172.30.0.210
-route 172.16.0.0 255.255.240.0 172.30.0.210
-route 172.28.33.0 255.255.255.0 172.30.0.210
+{% for net in firemon_networks %}
+route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210
+{% endfor %}
 client-to-client
 client-config-dir clients
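Review bot: The `iroute` loop accepts whatever is in `firemon_networks` unchecked: an entry `ipaddr` cannot parse renders as `iroute False False` (the filter returns `False` on invalid input), and an entry written without a prefix length is treated as a single host, so `192.168.0.0` instead of `192.168.0.0/16` renders as a /32 and quietly shrinks the range this client is allowed to source traffic for. The diffstat adds no defaults file either, so a host that does not define the variable now fails the template with an undefined-variable error rather than receiving the three routes the old file carried. I'd validate the list once in the role before templating — an `assert` over `firemon_networks` with `that: ["item is match('.*/[0-9]+$')", "item | ipaddr('net')"]` — and declare `firemon_networks: []` in the role defaults so the empty case is deliberate. The `ipaddr` filter also needs the `netaddr` Python package on the control node, which is a new dependency the role should state.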
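Review bot: The gateway `172.30.0.210` is still a literal on the generated `route` line while the same address is the literal `ifconfig-push` value in the client config; the commit shares the network list between the two templates but leaves the one value that ties them together to drift independently, and the `route` gateway is only meaningful if it is the address pushed to the client that holds the matching `iroute`. I'd hoist it alongside `firemon_networks`: `route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} {{ firemon_client_ip }}` here and `ifconfig-push {{ firemon_client_ip }} 255.255.255.240` in the client template. A short comment above the loop would also help the next reader: `# kernel routes for the FireMon networks reached through the dhatch-d4b client; the per-client iroute lines live in clients/`. The server config continues on both sides of the hunk.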