roles/dch-openvpn-server: Use firemon_networks

The routes to FireMon networks are now defined using the
`firemon_networks` Ansible variable. The global `iroute` and
client-specific `route` options are generated from the CIDR blocks
specified in this list.

roles/dch-openvpn-server/tasks/main.yml

@@ -24,12 +24,12 @@
     mode=0755
     state=directory
 - name: ensure openvpn client config files are set
-  copy:
+  template:
     src={{ item }}
-    dest=/etc/openvpn/server/clients/{{ item|basename }}
+    dest=/etc/openvpn/server/clients/{{ (item|basename|splitext)[0] }}
     mode=0640
   notify: restart pyrocufflink openvpn server
-  with_fileglob: 'clients/*'
+  with_fileglob: '../templates/clients/*.j2'
 
 - name: ensure openvpn ca certificate is installed
   copy:

roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2

@@ -1,6 +1,6 @@
 ifconfig-push 172.30.0.210 255.255.255.240
-iroute 192.168.0.0 255.255.0.0
+{% for net in firemon_networks %}
-iroute 172.16.0.0 255.255.240.0
+iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }}
-iroute 172.28.33.0 255.255.255.0
+{% endfor %}
 push "route 172.30.0.0 255.255.255.192 172.30.0.209"
 push "route 172.31.0.0 255.255.255.224 172.30.0.209"

roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2

@@ -12,9 +12,9 @@ dh dh2048.pem
 topology subnet
 push "topology subnet"
 ifconfig 172.30.0.209 255.255.255.240
-route 192.168.0.0 255.255.0.0 172.30.0.210
+{% for net in firemon_networks %}
-route 172.16.0.0 255.255.240.0 172.30.0.210
+route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210
-route 172.28.33.0 255.255.255.0 172.30.0.210
+{% endfor %}
 client-to-client
 client-config-dir clients