From 42b8d2e54fec44c8a284eb90338da6b03561487a Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 20 May 2018 12:58:07 -0500 Subject: [PATCH] roles/dch-vpn-server: Deploy pyrocufflink VPN The *dch-vpn-server* role configures strongSwan to act as an IPsec responder for `vpn.pyrocufflink.net` and provide an IKEv2/IPsec VPN for remote access clients, as well as the reverse VPN to FireMon. --- roles/dch-vpn-server/files/certs/dch-ca.crt | 133 ++++++++++++++ .../files/certs/dch-root-ca.crt | 119 +++++++++++++ roles/dch-vpn-server/files/certs/openssl.cnf | 20 +++ .../files/certs/vpn.pyrocufflink.net.cer | 129 ++++++++++++++ .../files/certs/vpn.pyrocufflink.net.key | 167 ++++++++++++++++++ .../files/vpn.pyrocufflink.net.ipsec.conf | 29 +++ .../files/vpn.pyrocufflink.net.secret | 1 + roles/dch-vpn-server/meta/main.yml | 2 + roles/dch-vpn-server/tasks/main.yml | 39 ++++ 9 files changed, 639 insertions(+) create mode 100644 roles/dch-vpn-server/files/certs/dch-ca.crt create mode 100644 roles/dch-vpn-server/files/certs/dch-root-ca.crt create mode 100644 roles/dch-vpn-server/files/certs/openssl.cnf create mode 100644 roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.cer create mode 100644 roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.key create mode 100644 roles/dch-vpn-server/files/vpn.pyrocufflink.net.ipsec.conf create mode 100644 roles/dch-vpn-server/files/vpn.pyrocufflink.net.secret create mode 100644 roles/dch-vpn-server/meta/main.yml create mode 100644 roles/dch-vpn-server/tasks/main.yml diff --git a/roles/dch-vpn-server/files/certs/dch-ca.crt b/roles/dch-vpn-server/files/certs/dch-ca.crt new file mode 100644 index 0000000..2a29fbc --- /dev/null +++ b/roles/dch-vpn-server/files/certs/dch-ca.crt 
@@ -0,0 +1,133 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 12:ae:b5:db:96:be:43:b8:8d:31:11:f4:42:91:ef:ee + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, O = Dustin C. Hatch, CN = DCH Root CA R1 + Validity + Not Before: Feb 21 13:04:10 2018 GMT + Not After : Feb 20 13:04:10 2023 GMT + Subject: C = US, O = Dustin C. Hatch, CN = DCH CA R1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:c1:dd:56:e7:5c:9b:65:e0:50:24:39:ba:cd:26: + 4e:6c:db:0a:41:ed:d1:10:46:31:b9:ea:e9:5d:04: + f5:8a:21:5a:8b:6e:5c:5c:23:e2:eb:ea:57:8c:fc: + ad:a0:c6:34:a1:2f:31:0a:4b:43:5a:b3:70:de:e9: + 12:57:01:0b:c2:d2:df:c1:74:ea:c3:1d:10:95:a4: + 86:9f:71:a5:9f:7a:b4:5e:68:58:dd:57:0f:b5:55: + b9:fb:89:6d:e7:3e:fd:92:c1:64:5b:7b:94:19:2e: + c7:d0:71:42:11:b8:d8:a5:9d:87:1f:d7:6b:8b:cb: + d9:76:32:5a:08:79:82:2b:36:ea:3c:79:ce:70:6d: + e3:40:e5:36:17:cf:1b:00:33:63:68:78:27:5a:be: + 78:c2:01:92:08:00:2c:f6:08:bb:bf:5f:a4:77:60: + 05:c2:1f:e3:21:db:96:d8:c0:b7:0a:72:a5:06:b4: + 6e:d3:ee:d6:91:7e:47:fc:4a:1a:98:6a:3a:11:28: + 9e:5e:61:02:2c:3d:c9:98:44:a0:9c:8b:19:69:46: + f5:22:32:09:f8:ab:b6:2d:a0:d7:59:61:13:65:2e: + 5e:a3:64:7f:bf:4f:2c:94:e6:23:fc:f4:ef:3b:14: + 8f:7c:7a:e0:44:53:67:ff:58:f9:1c:68:a4:36:ca: + 62:52:46:38:12:a7:ce:64:9b:a1:32:cd:39:b9:f2: + 55:47:2c:fa:c8:55:b8:2f:28:45:9a:fc:fc:cd:64: + 54:fa:5f:19:fa:7e:dd:b1:e5:cf:65:18:a8:d2:8f: + 34:16:83:f4:26:30:e1:a3:7f:b5:44:a0:d1:33:fe: + 03:f2:3b:b2:4b:38:c0:e9:b2:03:e6:f4:18:1f:09: + 63:e7:dd:26:dc:ec:9e:2b:a3:43:64:d8:fe:d1:76: + c0:c6:a9:92:1a:fa:01:07:15:73:4a:80:09:fa:02: + 3e:83:7f:12:bc:00:1f:53:43:04:9e:7f:ac:2f:ff: + e9:cc:f2:06:fe:86:ce:8d:67:46:27:d0:48:de:75: + 74:da:c2:18:0c:91:30:11:5c:cf:8e:1b:79:b2:94: + c8:5e:4b:76:1c:da:88:ef:e8:42:f7:4f:b5:9b:76: + fe:1c:b7:1d:ba:b2:0e:b0:db:29:4e:a1:48:03:c8: + 0a:62:ab:a0:a5:19:86:ae:19:e8:72:35:0f:72:f0: + dd:1f:1d:29:6a:f2:8d:d4:1d:3e:fc:60:b0:cc:2c: + 
52:96:2a:f1:b4:5f:ac:d4:5a:e5:05:fc:86:61:e2: + 5d:d7:4a:14:ff:f8:e8:60:64:fa:b1:5a:5e:70:d2: + 5b:f9:e7:c4:e1:ae:12:d0:6a:48:90:4b:72:19:9d: + 92:ef:85 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + Authority Information Access: + CA Issuers - URI:http://dustin.hatch.name/dch-ca/dch-root-ca.cer + + X509v3 Authority Key Identifier: + keyid:C7:BF:DF:C7:69:05:A9:E8:E3:3E:DB:CE:E6:47:CE:92:2D:27:11:6A + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://dustin.hatch.name/dch-ca/dch-ca.crl + + X509v3 Subject Key Identifier: + EC:79:C5:08:B7:1E:0A:67:C6:E0:34:31:3C:79:D9:D6:83:D9:49:DC + Signature Algorithm: sha256WithRSAEncryption + 83:c2:82:7e:fe:a1:c3:c8:47:af:1e:f4:34:53:4f:cd:82:f1: + 4b:2c:4b:a5:cb:94:a6:d3:5b:e0:77:f1:fd:1a:05:46:47:19: + 43:72:91:b0:95:7e:ad:e0:65:34:47:23:26:09:12:c9:82:c0: + 3a:2a:e2:92:e4:e6:c8:07:d0:a0:a9:11:d7:3c:ec:68:99:9c: + 88:13:62:0e:0f:d4:78:7a:26:04:ec:80:65:18:ba:0d:a9:8c: + 36:0c:af:5c:69:19:04:ac:ea:c0:3c:6e:06:f6:c7:65:ab:89: + fc:83:70:55:85:3e:86:db:77:59:dc:bd:87:7f:cd:e4:da:65: + ab:94:22:ce:a1:7f:a0:12:56:5a:04:8d:c4:86:cc:77:ee:14: + c5:89:bd:d5:9c:92:61:45:74:60:4c:d9:bd:a1:5a:05:8c:ca: + 07:89:95:3f:56:ba:e0:ed:c2:b1:70:fe:ae:bd:a1:b3:db:2e: + 9c:91:fa:69:de:1f:4f:bf:bc:1b:d2:35:9f:2b:80:53:be:6e: + 44:3c:c6:1e:f2:15:42:ad:05:56:27:19:d0:d1:e0:b9:af:5a: + f3:ae:60:e8:bd:84:c0:49:bd:be:0b:d3:87:4e:af:4e:59:7c: + 50:27:8b:85:ed:1f:1c:88:6d:34:d8:83:e3:13:56:20:f7:ba: + a1:72:4c:1a:21:3a:1f:dc:0c:b5:35:1a:e5:46:e6:66:7f:05: + 90:79:ee:80:48:ea:7a:8c:12:ea:68:4c:c4:f7:6a:83:b2:4b: + ed:ca:16:98:33:4e:ce:5e:8b:a8:f3:05:b0:6c:67:ab:57:69: + 24:02:7b:dd:48:4c:35:58:53:15:21:a1:bc:cd:b2:91:f0:cd: + 11:44:96:0e:2e:5f:43:88:a1:fc:33:c7:27:46:6d:25:69:23: + d6:17:4c:ee:68:9f:d9:12:86:cb:d1:37:d9:42:bb:1f:35:65: + 0c:c0:d1:58:d5:63:35:f0:1c:2d:3b:e1:a2:0f:a7:51:2a:5c: + 
53:d3:ba:b9:db:92:5a:59:e5:35:b7:c9:f9:b5:ff:bb:a2:e3: + b3:cb:ef:fd:94:36:00:c7:a5:f0:b5:f0:e7:05:b8:df:c0:e7: + 61:dc:75:a7:d2:73:f3:15:75:7c:5e:d9:38:17:ad:f7:a8:de: + 29:d3:f0:c4:5b:86:be:b9:9d:37:72:fc:65:c8:1f:95:b5:9b: + 5d:d6:78:a1:33:09:bd:30:2d:aa:15:72:ee:16:5a:b4:aa:d9: + 30:d4:6c:43:03:c3:ea:d0:d4:fc:cf:ce:a7:95:6d:dd:7d:20: + a1:60:4d:30:84:74:3b:3a:46:15:8c:78:e8:31:3b:e3:18:36: + bc:96:4f:f6:9f:48:e4:87 +-----BEGIN CERTIFICATE----- +MIIF9DCCA9ygAwIBAgIQEq6125a+Q7iNMRH0QpHv7jANBgkqhkiG9w0BAQsFADBA +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPRHVzdGluIEMuIEhhdGNoMRcwFQYDVQQD +DA5EQ0ggUm9vdCBDQSBSMTAeFw0xODAyMjExMzA0MTBaFw0yMzAyMjAxMzA0MTBa +MDsxCzAJBgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxEjAQBgNV +BAMMCURDSCBDQSBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMHd +Vudcm2XgUCQ5us0mTmzbCkHt0RBGMbnq6V0E9YohWotuXFwj4uvqV4z8raDGNKEv +MQpLQ1qzcN7pElcBC8LS38F06sMdEJWkhp9xpZ96tF5oWN1XD7VVufuJbec+/ZLB +ZFt7lBkux9BxQhG42KWdhx/Xa4vL2XYyWgh5gis26jx5znBt40DlNhfPGwAzY2h4 +J1q+eMIBkggALPYIu79fpHdgBcIf4yHbltjAtwpypQa0btPu1pF+R/xKGphqOhEo +nl5hAiw9yZhEoJyLGWlG9SIyCfirti2g11lhE2UuXqNkf79PLJTmI/z07zsUj3x6 +4ERTZ/9Y+RxopDbKYlJGOBKnzmSboTLNObnyVUcs+shVuC8oRZr8/M1kVPpfGfp+ +3bHlz2UYqNKPNBaD9CYw4aN/tUSg0TP+A/I7sks4wOmyA+b0GB8JY+fdJtzsniuj +Q2TY/tF2wMapkhr6AQcVc0qACfoCPoN/ErwAH1NDBJ5/rC//6czyBv6Gzo1nRifQ +SN51dNrCGAyRMBFcz44bebKUyF5LdhzaiO/oQvdPtZt2/hy3HbqyDrDbKU6hSAPI +CmKroKUZhq4Z6HI1D3Lw3R8dKWryjdQdPvxgsMwsUpYq8bRfrNRa5QX8hmHiXddK +FP/46GBk+rFaXnDSW/nnxOGuEtBqSJBLchmdku+FAgMBAAGjge4wgeswEgYDVR0T +AQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsG +AQUFBzAChi9odHRwOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1yb290 +LWNhLmNlcjAfBgNVHSMEGDAWgBTHv9/HaQWp6OM+287mR86SLScRajA7BgNVHR8E +NDAyMDCgLqAshipodHRwOi8vZHVzdGluLmhhdGNoLm5hbWUvZGNoLWNhL2RjaC1j +YS5jcmwwHQYDVR0OBBYEFOx5xQi3HgpnxuA0MTx52daD2UncMA0GCSqGSIb3DQEB +CwUAA4ICAQCDwoJ+/qHDyEevHvQ0U0/NgvFLLEuly5Sm01vgd/H9GgVGRxlDcpGw +lX6t4GU0RyMmCRLJgsA6KuKS5ObIB9CgqRHXPOxomZyIE2IOD9R4eiYE7IBlGLoN 
+qYw2DK9caRkErOrAPG4G9sdlq4n8g3BVhT6G23dZ3L2Hf83k2mWrlCLOoX+gElZa +BI3Ehsx37hTFib3VnJJhRXRgTNm9oVoFjMoHiZU/Vrrg7cKxcP6uvaGz2y6ckfpp +3h9Pv7wb0jWfK4BTvm5EPMYe8hVCrQVWJxnQ0eC5r1rzrmDovYTASb2+C9OHTq9O +WXxQJ4uF7R8ciG002IPjE1Yg97qhckwaITof3Ay1NRrlRuZmfwWQee6ASOp6jBLq +aEzE92qDskvtyhaYM07OXouo8wWwbGerV2kkAnvdSEw1WFMVIaG8zbKR8M0RRJYO +Ll9DiKH8M8cnRm0laSPWF0zuaJ/ZEobL0TfZQrsfNWUMwNFY1WM18BwtO+GiD6dR +KlxT07q525JaWeU1t8n5tf+7ouOzy+/9lDYAx6XwtfDnBbjfwOdh3HWn0nPzFXV8 +Xtk4F633qN4p0/DEW4a+uZ03cvxlyB+VtZtd1nihMwm9MC2qFXLuFlq0qtkw1GxD +A8Pq0NT8z86nlW3dfSChYE0whHQ7OkYVjHjoMTvjGDa8lk/2n0jkhw== +-----END CERTIFICATE----- diff --git a/roles/dch-vpn-server/files/certs/dch-root-ca.crt b/roles/dch-vpn-server/files/certs/dch-root-ca.crt new file mode 100644 index 0000000..f1e6706 --- /dev/null +++ b/roles/dch-vpn-server/files/certs/dch-root-ca.crt 
@@ -0,0 +1,119 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + dd:bd:2c:48:e1:89:43:d8:8a:ae:6c:74:81:dd:39:64 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, O = Dustin C. Hatch, CN = DCH Root CA R1 + Validity + Not Before: Feb 21 12:05:04 2018 GMT + Not After : Feb 16 12:05:04 2038 GMT + Subject: C = US, O = Dustin C. Hatch, CN = DCH Root CA R1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:c6:1e:d9:7c:58:4c:92:fe:03:cf:4b:56:0c:6e: + a8:2a:53:7c:50:86:2a:c4:ff:20:36:15:60:ff:bc: + d6:af:b2:f5:b0:12:c3:d3:ae:92:7d:74:ba:cb:be: + 84:5c:f8:97:7d:6f:9c:53:b5:8e:75:d0:96:66:53: + 98:18:82:ce:61:83:a8:5d:69:4c:9d:17:54:f6:6b: + a7:ed:55:d7:1b:d6:7d:03:58:42:90:63:2e:a3:fa: + 53:68:33:46:87:06:24:c2:26:8b:fd:18:eb:99:4e: + 1c:b6:a4:c7:ab:75:0e:e3:57:e9:01:e0:2a:4d:de: + 3d:cd:57:27:2a:d3:8a:91:04:0c:32:47:a6:1f:6c: + 5d:08:ee:d4:62:3d:24:f0:13:26:9a:52:af:15:f6: + 85:1a:d8:a9:99:4e:01:1b:33:83:6a:53:af:9d:90: + 63:dd:02:7c:04:49:24:8f:22:7a:12:38:93:b9:9a: + 54:7a:b6:9a:8a:e4:64:df:11:25:3a:d9:1f:ff:28: + 3a:12:44:15:7e:4d:75:e6:a0:f0:94:d1:be:e2:b3: + 54:a8:86:1c:a6:49:ff:1c:63:80:39:ea:17:5e:2f: + 4a:73:8f:98:ce:ed:b0:fa:45:31:fb:db:05:10:0e: + 95:79:8b:9c:a2:d5:d7:ac:4a:d7:36:49:f5:bd:27: + ad:04:86:76:7a:07:b3:04:bf:4e:36:c8:0c:b4:2b: + 31:c4:c0:86:f6:14:cc:41:42:f5:1c:26:4e:45:6e: + 62:b6:4f:74:ad:66:32:d3:be:d3:62:81:e3:a3:61: + 3c:69:9a:ef:55:41:a6:5e:53:d8:56:c5:45:a6:84: + 7b:0b:cd:fe:7c:ba:dc:69:bb:0a:20:94:c8:fd:7a: + e5:18:4b:50:60:cc:7c:d9:b5:5e:10:9c:f7:6e:5d: + f6:57:81:82:1f:53:6e:81:7c:c1:ba:79:ad:e4:d7: + da:47:16:9f:21:d1:3e:c2:9f:34:e3:ac:f4:c7:df: + a6:82:3b:69:fb:91:5b:26:63:8d:ed:92:58:3b:ae: + 0f:a6:b0:5e:15:d6:4c:3f:0b:78:74:d0:72:4f:2b: + 47:57:0e:4d:2b:d9:20:1a:3a:b6:bc:61:49:37:54: + 93:61:90:1c:8b:91:d0:94:f4:4a:92:41:35:0a:b6: + 11:85:4d:ab:44:c9:69:8d:c3:cb:b9:b2:4d:30:e6: + 51:67:29:2b:3f:00:cf:ea:b4:86:7f:3e:44:51:cc: + 
ac:a6:99:d1:6d:25:47:61:c2:49:ea:4a:13:b0:f4: + 5f:f5:b6:4f:17:0b:4a:a2:6c:3c:da:33:28:0f:ef: + bb:52:05:38:3b:41:36:b1:4a:3b:36:b8:a4:74:5e: + 5d:b9:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + C7:BF:DF:C7:69:05:A9:E8:E3:3E:DB:CE:E6:47:CE:92:2D:27:11:6A + Signature Algorithm: sha256WithRSAEncryption + 53:15:96:21:e0:8a:fb:1d:1f:cf:ed:9b:df:cf:ea:7d:42:51: + bd:01:c5:08:86:83:0f:8f:66:39:55:c2:28:1e:bb:3a:ca:d1: + cf:91:cd:cd:cf:cb:3f:ad:6a:9a:ac:f9:7c:28:20:e8:8a:de: + 55:51:12:cb:2e:41:e2:b4:88:c1:65:65:57:50:f7:0d:05:12: + 78:5c:7f:1a:4f:26:5e:00:d8:af:f0:d6:d9:8c:27:56:dc:de: + c4:ba:ff:3a:8d:ef:19:21:c6:63:da:26:ac:f1:1d:ba:04:1e: + ac:41:6d:bb:9d:b7:c3:b5:9a:90:c1:60:2d:a8:b6:df:fe:f7: + e6:0b:41:62:e5:ee:8e:2c:0a:60:05:b5:9e:9f:9c:74:07:6e: + 92:bc:bc:a5:86:23:58:d1:f9:b6:d4:be:15:1b:17:4a:48:89: + 3a:07:7f:85:88:92:ab:4d:50:6a:ee:8a:a4:a7:41:06:83:c6: + 87:f9:e9:fa:e0:ee:62:c4:30:77:5d:f6:0a:86:71:06:bf:97: + e9:e0:35:62:4d:1b:d9:91:e1:d9:f0:bb:99:38:a1:57:35:35: + 89:63:08:b9:61:0c:28:3c:2f:48:b0:75:70:57:73:11:04:f7: + 60:f2:b5:5f:4c:15:6a:ae:f3:6f:3b:7c:da:07:5b:db:6f:b0: + cd:38:52:8d:d3:f8:6a:09:2b:6d:f2:ba:62:cb:ad:55:54:a5: + d3:c4:ce:39:97:44:19:2b:67:17:6b:f2:16:84:4c:08:b8:09: + 82:c9:6e:5d:de:28:db:51:a0:00:a3:f4:4f:d5:64:26:4b:96: + d7:9d:03:a7:60:3c:0b:d9:2b:ce:6e:b9:3f:02:b9:31:53:79: + 70:e5:5e:89:a1:88:4c:32:ed:3a:84:1c:b7:0d:dc:56:04:ba: + b4:4d:11:8e:c3:5d:d8:08:09:78:9d:fe:b4:51:b5:1e:6d:c1: + 89:fe:49:f9:a8:af:ec:da:fa:ea:4e:4d:e2:d8:40:35:75:39: + 8f:f1:9f:cf:9a:d5:24:26:ec:2c:60:6d:10:d5:9b:ba:f8:22: + 49:f8:b9:95:f8:80:82:af:1e:d2:2d:f4:b8:bb:62:58:a1:4b: + 5d:4f:c8:9e:f5:d0:78:db:5a:fe:c7:dc:92:47:8e:40:7f:1c: + 8d:f0:b1:68:8a:d9:6d:89:42:de:1a:b6:8c:04:94:3b:2e:4c: + fc:b8:b6:95:59:e6:d4:91:39:31:3e:f4:f2:74:b7:92:26:8c: + 46:ba:98:ff:85:c1:70:64:e6:9c:91:4c:a9:0e:ce:07:ed:19: + 
86:c6:2d:7e:2c:e1:3b:9a:8a:9f:d0:83:48:05:9d:46:5b:90: + 21:0d:fa:a0:38:15:9f:8a +-----BEGIN CERTIFICATE----- +MIIFTTCCAzWgAwIBAgIRAN29LEjhiUPYiq5sdIHdOWQwDQYJKoZIhvcNAQELBQAw +QDELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEXMBUGA1UE +AwwORENIIFJvb3QgQ0EgUjEwHhcNMTgwMjIxMTIwNTA0WhcNMzgwMjE2MTIwNTA0 +WjBAMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPRHVzdGluIEMuIEhhdGNoMRcwFQYD +VQQDDA5EQ0ggUm9vdCBDQSBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMYe2XxYTJL+A89LVgxuqCpTfFCGKsT/IDYVYP+81q+y9bASw9Oukn10usu+ +hFz4l31vnFO1jnXQlmZTmBiCzmGDqF1pTJ0XVPZrp+1V1xvWfQNYQpBjLqP6U2gz +RocGJMImi/0Y65lOHLakx6t1DuNX6QHgKk3ePc1XJyrTipEEDDJHph9sXQju1GI9 +JPATJppSrxX2hRrYqZlOARszg2pTr52QY90CfARJJI8iehI4k7maVHq2morkZN8R +JTrZH/8oOhJEFX5Ndeag8JTRvuKzVKiGHKZJ/xxjgDnqF14vSnOPmM7tsPpFMfvb +BRAOlXmLnKLV16xK1zZJ9b0nrQSGdnoHswS/TjbIDLQrMcTAhvYUzEFC9RwmTkVu +YrZPdK1mMtO+02KB46NhPGma71VBpl5T2FbFRaaEewvN/ny63Gm7CiCUyP165RhL +UGDMfNm1XhCc925d9leBgh9TboF8wbp5reTX2kcWnyHRPsKfNOOs9MffpoI7afuR +WyZjje2SWDuuD6awXhXWTD8LeHTQck8rR1cOTSvZIBo6trxhSTdUk2GQHIuR0JT0 +SpJBNQq2EYVNq0TJaY3Dy7myTTDmUWcpKz8Az+q0hn8+RFHMrKaZ0W0lR2HCSepK +E7D0X/W2TxcLSqJsPNozKA/vu1IFODtBNrFKOza4pHReXbmBAgMBAAGjQjBAMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTHv9/HaQWp +6OM+287mR86SLScRajANBgkqhkiG9w0BAQsFAAOCAgEAUxWWIeCK+x0fz+2b38/q +fUJRvQHFCIaDD49mOVXCKB67OsrRz5HNzc/LP61qmqz5fCgg6IreVVESyy5B4rSI +wWVlV1D3DQUSeFx/Gk8mXgDYr/DW2YwnVtzexLr/Oo3vGSHGY9omrPEdugQerEFt +u523w7WakMFgLai23/735gtBYuXujiwKYAW1np+cdAdukry8pYYjWNH5ttS+FRsX +SkiJOgd/hYiSq01Qau6KpKdBBoPGh/np+uDuYsQwd132CoZxBr+X6eA1Yk0b2ZHh +2fC7mTihVzU1iWMIuWEMKDwvSLB1cFdzEQT3YPK1X0wVaq7zbzt82gdb22+wzThS +jdP4agkrbfK6YsutVVSl08TOOZdEGStnF2vyFoRMCLgJgsluXd4o21GgAKP0T9Vk +JkuW150Dp2A8C9krzm65PwK5MVN5cOVeiaGITDLtOoQctw3cVgS6tE0RjsNd2AgJ +eJ3+tFG1Hm3Bif5J+aiv7Nr66k5N4thANXU5j/Gfz5rVJCbsLGBtENWbuvgiSfi5 +lfiAgq8e0i30uLtiWKFLXU/InvXQeNta/sfckkeOQH8cjfCxaIrZbYlC3hq2jASU +Oy5M/Li2lVnm1JE5MT708nS3kiaMRrqY/4XBcGTmnJFMqQ7OB+0ZhsYtfizhO5qK +n9CDSAWdRluQIQ36oDgVn4o= +-----END 
CERTIFICATE----- diff --git a/roles/dch-vpn-server/files/certs/openssl.cnf b/roles/dch-vpn-server/files/certs/openssl.cnf new file mode 100644 index 0000000..d6f2ecf --- /dev/null +++ b/roles/dch-vpn-server/files/certs/openssl.cnf @@ -0,0 +1,20 @@ +# vim: set ft=dosini : + +[req] +prompt = no +default_md = sha256 +distinguished_name = req_distinguished_name +req_extensions = req_extensions + +[req_distinguished_name] +countryName = US +organizationName = Dustin C. Hatch +commonName = vpn.pyrocufflink.net + +[req_extensions] +subjectAltName = @alt_names + +[alt_names] +DNS.0 = vpn.pyrocufflink.net +DNS.1 = vpn.pyrocufflink.blue +DNS.2 = vpn.pyrocufflink.red diff --git a/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.cer b/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.cer new file mode 100644 index 0000000..a4affe5 --- /dev/null +++ b/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.cer 
@@ -0,0 +1,129 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f4:ee:98:63:45:d1:49:36:a7:f7:6f:4f:04:77:a7:ab + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, O=Dustin C. Hatch, CN=DCH CA R1 + Validity + Not Before: May 20 16:08:13 2018 GMT + Not After : May 19 16:08:13 2021 GMT + Subject: C=US, O=Dustin C. Hatch, CN=vpn.pyrocufflink.net + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:bf:e9:6c:81:21:d3:1c:14:de:86:64:e8:e6:2f: + a5:22:49:5d:a2:64:eb:b9:78:bd:2e:57:32:4d:d1: + 4a:3a:67:cc:00:3e:13:ba:be:c6:67:78:8c:71:4b: + eb:ca:3a:1f:30:10:1a:ff:7a:3c:f1:17:38:21:ae: + b3:43:5a:09:10:bc:58:11:a0:0b:5b:50:18:c6:e9: + 19:7b:e4:e7:2d:ff:0d:57:a1:9b:30:90:eb:17:02: + 14:04:3f:ab:c9:99:44:b8:66:fc:6c:42:12:29:a3: + fc:59:d9:2a:64:f0:4d:4d:e4:df:8d:60:43:fa:7a: + 9e:76:98:66:2d:01:47:13:c9:ba:f6:a1:74:55:8e: + 78:b5:d2:59:a0:e7:21:86:86:65:fb:db:d9:ee:ba: + 4e:99:16:79:ac:47:06:af:01:a3:ac:3b:22:94:a6: + 3d:13:0a:ba:5b:73:58:fc:37:22:8f:16:fd:d6:d7: + 04:0a:e0:14:fe:a6:0a:b5:bc:23:6c:fe:bd:f3:2f: + 5f:17:bd:8f:9f:c2:aa:c9:84:7a:8f:a5:51:8e:5d: + cb:f1:5c:a2:a1:b2:2c:9f:7e:ec:9e:21:78:b9:a5: + a4:98:67:bc:eb:df:50:78:9d:4f:dc:a5:34:b4:8a: + 68:e0:e5:14:ba:c4:b0:ee:71:a2:0a:93:a4:54:ad: + 88:af:ee:50:f4:d4:fe:62:df:de:2e:8d:bc:e9:4d: + 3a:6d:17:49:f2:4d:01:6a:08:fa:61:1a:a7:8b:21: + 2b:c5:bd:f0:05:48:ea:a8:cc:fc:2c:7c:2f:b6:ed: + 1b:86:ba:d2:25:f0:57:0d:80:ca:35:dd:9b:80:3f: + 51:5a:0d:76:80:f6:27:cc:4c:63:f5:48:f1:c4:83: + e0:86:69:69:69:37:d0:1e:0c:57:93:6f:c8:4e:29: + be:5c:0c:5e:ff:de:62:1b:bd:4f:20:1e:37:83:c3: + ce:65:37:46:25:62:72:b8:5f:99:8e:c3:b6:36:99: + cb:49:99:bb:5d:69:d7:7e:b1:9d:4f:8b:39:65:05: + 9a:c6:03:cd:0a:77:99:c0:27:d0:27:7b:44:f2:65: + 18:53:16:e4:9f:55:48:08:39:ed:50:9c:03:87:78: + 20:53:91:97:17:f9:66:77:81:b0:85:a2:fe:75:ad: + bc:60:a9:d1:bf:06:7d:f5:a7:48:dc:97:18:7c:23: + 5d:59:fd:c8:68:7a:f7:91:9a:0f:23:aa:37:ae:19: + 
16:51:bf:0e:c2:ce:9c:eb:b0:8b:46:fd:69:6b:74: + 1b:0d:63:80:7f:da:22:b8:0a:52:85:db:6c:ef:ad: + d3:33:ab:0b:a5:5e:d3:1c:95:b7:cc:65:82:00:6b: + 1e:d5:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Subject Key Identifier: + 26:D4:12:91:04:0B:49:7F:97:A7:27:46:06:4A:41:31:7A:DC:5D:55 + X509v3 Authority Key Identifier: + keyid:EC:79:C5:08:B7:1E:0A:67:C6:E0:34:31:3C:79:D9:D6:83:D9:49:DC + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:vpn.pyrocufflink.net, DNS:vpn.pyrocufflink.blue, DNS:vpn.pyrocufflink.red + Signature Algorithm: sha256WithRSAEncryption + a2:3f:32:85:53:cf:23:4a:00:21:e4:4c:03:02:cc:09:09:9c: + 11:e9:bb:0a:31:70:e0:98:66:4e:19:48:1b:01:9d:54:41:07: + 2b:24:b8:bc:c0:0a:9a:7c:d3:3c:c5:11:19:42:b5:9b:0b:3c: + bb:30:4c:6d:81:24:91:25:20:26:ae:ba:b1:82:3a:f1:0d:ba: + a3:a2:a2:c1:fa:76:8b:2f:cf:3f:e5:df:5c:1b:04:cc:32:f1: + e5:a1:8b:4e:26:de:af:92:36:65:4a:b9:ce:cf:cf:a0:b8:fe: + c7:8c:88:f4:56:c9:9e:db:a4:47:6c:e4:71:6c:51:d7:ef:cc: + 39:66:a7:b6:05:82:a3:87:28:c1:e6:51:53:8a:69:e1:05:fb: + 7e:a1:71:36:55:79:1c:07:78:5c:eb:f9:15:3e:bf:25:86:c8: + c6:47:85:87:eb:77:6b:7a:90:fb:4b:3b:15:f0:ab:b2:b3:b9: + 9f:77:13:13:9b:9c:21:ae:63:9f:33:0e:ca:de:8e:ae:0d:1d: + b4:be:f2:17:55:73:31:a7:6e:4e:36:4f:8f:ea:89:cf:55:81: + 13:1c:c4:76:6e:e0:23:81:48:08:38:13:d3:6c:d1:e4:a4:e9: + c1:de:9a:22:ff:ae:be:a7:38:3c:12:46:19:7a:04:50:34:6f: + 13:9e:1c:8c:ef:27:7c:ad:94:72:1e:d4:9e:de:80:bd:a9:92: + 86:ec:b5:42:c8:3b:a7:ee:42:ee:1f:f4:77:f3:48:e7:ff:41: + 58:80:74:77:ce:ff:41:b8:4d:3b:68:34:1f:7f:74:40:2a:47: + f9:84:b2:0e:95:fa:b8:44:23:b4:c9:7f:f7:c1:22:b9:56:34: + bb:aa:41:12:23:9d:d9:93:4a:f4:b9:69:94:3e:49:2b:39:cc: + 9d:d3:18:eb:9e:5a:e3:50:b6:23:5d:e3:1e:81:d6:5d:61:cc: + c0:2a:8b:8d:4a:92:29:56:b9:34:e9:3f:a3:c0:de:e9:ca:ed: + 27:89:12:e9:98:46:8c:ef:72:f8:bd:d5:54:12:63:3f:d1:65: + 
35:e6:64:90:1e:1b:7d:aa:c6:e1:32:65:b6:41:a1:ea:ee:07: + 1f:23:a3:71:df:ea:ee:c0:78:7f:43:ac:9b:b2:fb:f8:94:c8: + 54:bc:f2:66:66:06:af:f5:08:cf:99:9e:a2:4c:5c:27:81:47: + a5:9c:8a:7e:58:66:88:9b:1b:11:53:0f:d0:94:9d:12:cf:f9: + 29:38:be:1c:bb:32:f6:e0:8a:62:62:e3:5c:9f:28:a6:31:a6: + fe:6d:10:2b:28:9f:21:6a:72:1c:61:12:50:4f:ee:eb:b3:17: + 47:0f:59:73:c1:b1:0d:df +-----BEGIN CERTIFICATE----- +MIIFzjCCA7agAwIBAgIRAPTumGNF0Uk2p/dvTwR3p6swDQYJKoZIhvcNAQELBQAw +OzELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDESMBAGA1UE +AwwJRENIIENBIFIxMB4XDTE4MDUyMDE2MDgxM1oXDTIxMDUxOTE2MDgxM1owRjEL +MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEdMBsGA1UEAwwU +dnBuLnB5cm9jdWZmbGluay5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC/6WyBIdMcFN6GZOjmL6UiSV2iZOu5eL0uVzJN0Uo6Z8wAPhO6vsZneIxx +S+vKOh8wEBr/ejzxFzghrrNDWgkQvFgRoAtbUBjG6Rl75Oct/w1XoZswkOsXAhQE +P6vJmUS4ZvxsQhIpo/xZ2Spk8E1N5N+NYEP6ep52mGYtAUcTybr2oXRVjni10lmg +5yGGhmX729nuuk6ZFnmsRwavAaOsOyKUpj0TCrpbc1j8NyKPFv3W1wQK4BT+pgq1 +vCNs/r3zL18XvY+fwqrJhHqPpVGOXcvxXKKhsiyffuyeIXi5paSYZ7zr31B4nU/c +pTS0imjg5RS6xLDucaIKk6RUrYiv7lD01P5i394ujbzpTTptF0nyTQFqCPphGqeL +ISvFvfAFSOqozPwsfC+27RuGutIl8FcNgMo13ZuAP1FaDXaA9ifMTGP1SPHEg+CG +aWlpN9AeDFeTb8hOKb5cDF7/3mIbvU8gHjeDw85lN0YlYnK4X5mOw7Y2mctJmbtd +add+sZ1PizllBZrGA80Kd5nAJ9Ane0TyZRhTFuSfVUgIOe1QnAOHeCBTkZcX+WZ3 +gbCFov51rbxgqdG/Bn31p0jclxh8I11Z/choeveRmg8jqjeuGRZRvw7CzpzrsItG +/WlrdBsNY4B/2iK4ClKF22zvrdMzqwulXtMclbfMZYIAax7VzQIDAQABo4HBMIG+ +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFCbUEpEEC0l/l6cnRgZKQTF63F1VMB8GA1Ud +IwQYMBaAFOx5xQi3HgpnxuA0MTx52daD2UncMA4GA1UdDwEB/wQEAwIFoDATBgNV +HSUEDDAKBggrBgEFBQcDATBMBgNVHREERTBDghR2cG4ucHlyb2N1ZmZsaW5rLm5l +dIIVdnBuLnB5cm9jdWZmbGluay5ibHVlghR2cG4ucHlyb2N1ZmZsaW5rLnJlZDAN +BgkqhkiG9w0BAQsFAAOCAgEAoj8yhVPPI0oAIeRMAwLMCQmcEem7CjFw4JhmThlI +GwGdVEEHKyS4vMAKmnzTPMURGUK1mws8uzBMbYEkkSUgJq66sYI68Q26o6Kiwfp2 +iy/PP+XfXBsEzDLx5aGLTiber5I2ZUq5zs/PoLj+x4yI9FbJntukR2zkcWxR1+/M +OWantgWCo4coweZRU4pp4QX7fqFxNlV5HAd4XOv5FT6/JYbIxkeFh+t3a3qQ+0s7 
+FfCrsrO5n3cTE5ucIa5jnzMOyt6Org0dtL7yF1VzMaduTjZPj+qJz1WBExzEdm7g +I4FICDgT02zR5KTpwd6aIv+uvqc4PBJGGXoEUDRvE54cjO8nfK2Uch7Unt6AvamS +huy1Qsg7p+5C7h/0d/NI5/9BWIB0d87/QbhNO2g0H390QCpH+YSyDpX6uEQjtMl/ +98EiuVY0u6pBEiOd2ZNK9LlplD5JKznMndMY655a41C2I13jHoHWXWHMwCqLjUqS +KVa5NOk/o8De6crtJ4kS6ZhGjO9y+L3VVBJjP9FlNeZkkB4bfarG4TJltkGh6u4H +HyOjcd/q7sB4f0Osm7L7+JTIVLzyZmYGr/UIz5meokxcJ4FHpZyKflhmiJsbEVMP +0JSdEs/5KTi+HLsy9uCKYmLjXJ8opjGm/m0QKyifIWpyHGESUE/u67MXRw9Zc8Gx +Dd8= +-----END CERTIFICATE----- diff --git a/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.key b/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.key new file mode 100644 index 0000000..7df0c99 --- /dev/null +++ b/roles/dch-vpn-server/files/certs/vpn.pyrocufflink.net.key 
@@ -0,0 +1,167 @@ +$ANSIBLE_VAULT;1.1;AES256 +63396433663665653333363138333431306134373366343964613933663736646463373538373437 +6333626465366431666465326138393730636263356462320a336333326635303666653030613338 +61343435646339376634383935653736333937353836336436636530363061303032303735376363 +6332303864326461370a656563343432306361316165383930363937613931383462356337616532 +30613566366162653661666631343231633035383262383330656531376262303337643763343435 +61393839636638343931333738346562626638633665666134646534313933316434636333646166 +61343363663966663831653733623131333966343737666632366631373763316363383436343764 +32636165623762333034626633623338643231666630373164663332666533343233316464633339 +62313734326436323333383963366133366461633034346261373265663765623161346231383631 +65633335393862616430653639663163303837356333613932663361663037396532633638643838 +32383834346637383035393264623530393432666530636164616536376237633634376133396436 +39306430386362613963333939663737613164303139353363316230633331613137653135623937 +38363761383762313930623930643561643266633261623033616437636266343038626534396337 +37663435356233333864643865396537373664643061383831663436356330373066343237393066 +31366566393763333265613636353937303830636632656131386532346265616630323831643939 +31353930353136373938333166333934616138303936323431363030356631306332623033613332 +63353538656238306137393966363838396435386433396639633235636663616335613966366161 +38343232653066303732393763316561633063653736353861323736636239633038336261303137 +30303765363262343761366466393338386431643331633664666666663562613131313936353339 +63646536326237643135663262623861613631663433366366393731313539326464643335643630 +38623865306666353434343833303965333266366466313566333263346364663665666566663839 +62313434386464363139663131346134616462313533656535356164303139633166303934316464 +65633330333366396662386331376234303265653439343135643833656137633839613463316134 
+36633339373037326462313035653336633434633062346466383937376362353239346133393330 +38633361653662393461316164353438333138613466386136343432633738323461653838636266 +61663533363236363438373566323462313264616663376638636135326163653862313934646534 +32633330346238633833356465666134383430633466666537353431636335306235396232653332 +38326263656237656538626339326434313138386365666637643461663431363466613536373033 +33363233356533373634616363643434313064633031343831633839633938393230623430306230 +62313436383032626466383537366464323262313634643361383664376464323638343765303063 +37626434646564343365363066313164346230616664656465326133636438303936613366356537 +62376536623161306162633161376666613539323630663230616362316130653562366366353431 +37366631636265313132383539306637343730383937393938333831643838613437663235333931 +34346335356134396364666339366431336465626231343937313765383263346538376439363835 +36373739653733363931373235366339626331323866626261656332366561613930643534643864 +65376563346166303064623465336164356135313635663230376566383764323663393464393961 +34303865383139326166643361333063303264326635393034323732663934653865623864633065 +32396533393833666162616334323962326564333032353038313437333064643231383238366130 +32623463633537363263373237656636633034386430376362356361326230643163613030396338 +36363665383561326561303431616263383038313463393432336237383165613830663638616264 +35656366313766646337336662353335393164316539653031313737623066616161363238646131 +65623835316563386335316164616639356434343963653239333265353366633430633866316238 +65383934653830323939356263636431336532303937363430353934363465323337356461633635 +37343533663661356335663436346131616466396564356132633736616435363664313232323336 +36376436616534313866306533653066623761386162346634383964663432386136653866666130 +33616337653138663437376661353064373033373061363965613134336337396365363434363961 +32396337623435333438643236303339343031643537353239303336633665333162366162373363 
+65323538666539326239396366386466623361336437373137386236383534326266356139383361 +33346364396138353132343865626566643262396332636630366430616438663766653030653162 +38383339623366643562313034373431326537343839316231316135303539373831323438373463 +31636464393031343234653466353839323732313238333231313536306136626538653462313933 +32383830643934653762653631366130383666326134383033333037623762626433326135663030 +39613935663062373264376238663063323035313065386439306539366535393965646337346461 +32613565373061313764316633633636306566396333663137633930323632363630333335656661 +65396630323330393232663632323161346133336666623837656131303962623238313937376462 +66386364643833303834366632333763656263323736636161306566383432623739353837313136 +62376261626636353632353831303235363338366634623831396364663066393337343036343730 +61653036356437313130656162333134373132326562613333333962613236306163626463316332 +36353531343634353163303536613365353464336437646265626666623039313038656663363363 +37366565383166636631333436376563633365636439646535653764623931346566376232313063 +37623161346465613665313832613162653636396264616132313166643236653664373463626666 +34333861303961666438383366393562386236643030396537333961343466353434366238373764 +33393539326165323937653761323430343437623837363935313934343963343861633231363663 +65643165386630316230613466353865363831333664313737396362313334323131333764333632 +34316164643530333233336630656231393033643163366266346565313863633536313433653533 +64303964653534616332633637396233356161613165633066303461393830323837313662363066 +65383138356336303239653538663464646232313231663863376338663731373739616530316533 +30643935613963326433366437323461333965643464636637643062313937613864646331343739 +63666464313932333630343434346138623731366561396434393036326339313630663335323931 +36383665633865306666326432333737656161393433376264373263303264616262333364386462 +65366337396533353866633130646134366531636138663363393634333930613963643538343264 
+32383263363364663438393464396535366138623939333963376438633461396563366463323831 +34633133303961623235633664393035383631353538363066663365383538363535646530643132 +37343937633038303262653766666334303536373932313436343133306165326338303134356364 +64333139613638623261363430336634353032393734333130656132633531363633653665386333 +64393938623166623434316136353662373637623939313835343166653036376431383736306332 +65666134303862633736626536363763383531663237386238623236363535313537633839346230 +31373563353066636364626461643531386662653338343836646166323631396165663765376338 +37643632383534656461623530613535363739666136336564303739323736613735313662373638 +66653937633838643665346534633936313061323437623837323936353363333138313863326463 +38383338393733326231643865366232323631356233303764383632636535663265633834393436 +63373766646562313832353736386364356465333966636561313833313363633635663331303035 +36396131306561393462393632383163393233343932323466333436356339316536356638653434 +65336132383230316534643034616264326437613361646665383464663561376434656338313864 +37306436623039313062616664363262376338643632356336323565633265653934383735346237 +34393063323366623366633462653666616137386165386666616237613361633164373831313364 +37373137396462613030363938323231376563316531303033333136353533313338376136623634 +31376465383132336231663763626364373232623663613338353864323232626562393030653636 +37616331393638613732633762383630363136653834343331303862616634396163396564326162 +36663931313335333938363062636237326138646465346563313530326363653263386231373064 +36343136303361623962366363346635356530383763623364656261643532646662346463623630 +30616364613236306634336335646637313337346330366561323832333632303962376330363065 +38643231613137613462386137366535323237623865336564373533366563343536373837386366 +64326630386664316638666430636230653763366337386565343232663766393665323864613565 +36333738333739353835356634316566663163393265386665613732396234646635326531306531 
+34323232616465613734376262383765323730623563313333613365633365313034323837323462 +38646636346430313461366634643165653932663865633761633634306332633562313338333836 +31333637653331393031313230653364616364636464623261653535323161363531616134616164 +35613132366464623730656162306163316162383232636462646666633938663634653531666131 +38356330363630393933326537653465313066313435646132393339383264356366333931326531 +65666534633865303333313339386263346531643935356137393864326434383438656166353636 +61663462373065303964363532643165616535616566363166383961613064643538666535396334 +66353263663366653566303237363632643635326333336430616435333735326236333733333638 +31393563656138626566346361386265326262396232653833326361623366393930353863336433 +38626466323835653663623438366261303632343432623830363563656264623263653635663835 +39383938316534633862653463353963626633386235353131356239343866616636386361346432 +39353336363333393437363166316161623631313866623832326464666431303334353734663563 +31383237653634366439633935306161353236633233643630353364663464326339313836643234 +36326431313833343537353038633234393432666162363333313838353734656136656333623734 +31376135306639343439393835393235376238353462323836343766653737646231646638386163 +63376633666164373562376464626665303236356234643438383966626530633037626631653462 +64633366666138373432616262633838633662313663646435336338396138366537313739383233 +66353362366235306233316132663335623238326634663435613265326539663539643130343135 +34646234383531333434613630623263663434633836316136313739316536366232643834373133 +61346261343864636337323161343933653065663235356530366231633131343561386430303039 +35346630306261333530343166663666366263333765663530646432303235373862336433613839 +61303133303265393337623963326535313666363734653734646566643832643234353437623232 +61326239646534393034386462663031613863316164333837323164353736393466323939616633 +36653735303563356239356338633635326666643666636266623935316237623461616134373439 
+61376638363836333862336539363031373139356539366336353134663631306234363533633637 +34666665303438656462353564646663363430646432636230666337343837666630666536666131 +36623164646530373231386461383763343663346563373161376330313131316265306532326364 +66643735653238343364343630353239616165646535306234366566306661333630626663353262 +66613434313134333730343133383734303930353633616130363061336664313439363031303463 +62356635313265373539393165333030613361303463333461376333613865653232306162333438 +34663161373831656435626532643035366261373038386339303730336561653830653735363334 +31346337303837346432356436346130323233383432346263613834636139363936386661353166 +63336431316561366639343664346161636262383233393131336530626365393039393632613131 +65623531643836373632616662623037626264383137313034643331356665336163373832356164 +64626333336336306434383363373231336339626334386232333330643235363637616430323235 +62326430373535333337633665356135393231386133616162653261313334623363333937626464 +33633462633936343237343836323461663739623034373036363230613733393434613331626364 +62323836613364316562626263613033623138646161343662623965366263353830386361373032 +31346464363866336532363937633261323038393165383938623162643735363130306236393332 +32643563616637643337383937643631353863343038616662336166613530633732366238346137 +35303530373831376566643635373439356262306466656161616134653465303738393665393432 +34393630383332346330636561383135353861376235396136616165356165333766613037623366 +31663865333061336536656335393466656565653838326539386134653230376566626131616636 +61316432343830643361343466373762363864366164653764303566643833303066646138666264 +35373332613432336137333439323563323336636561663131393833656465353461613332376338 +30613463386330646432356436623335343738353965646639623934653335386431653033323866 +38623935636465343530643535306565353665353866326232353630653962343766396239366434 +32363734363338393538373034656333326433666365656363363466633763663038376166646164 
+64386139623963386337313334656164303238656362656464663164383463663537656338313838 +39393536393266653665373861376135383761363763653132393863643337333863323465656263 +34653563313233353861613733393730323365303338623366333631383566366164666133363466 +31623133656131363631613536653166643731626336656136316631643737376262313030633864 +38393635313664303439343865646332616238333962303239306230363936326132353638356538 +34336232646166663039626530393063636566333165613138396439333061636563366165366664 +64623761643735643638343434646236626562343365363639353530303732663361386632316238 +32346164383830326431323362323230313737653832343932303132616238653831633531366238 +30306162386432356638366336613161653934366135396335326431333764633630623631306565 +39616431663032353832613233333264383238636561616262353566653239653131646535616564 +38373861633365626138353932633435343136346637636433306335616330336664356433636538 +63363162346564376333343338366563393165623937326138326132333066666231353266316133 +64663466643264633531636462333530613964616230353639613931343536366430346261333932 +65316336386366343061616536353431346461653965353965373863363430613164306466383438 +35346132353133363761623339353264633765623061626636646364303365306562613465363133 +66353762366266313739383234333531663736633133323463626631626437346362613862306466 +37373262613763396534323432616239633431666162353332323636356463376631656333316232 +30343131303133656265646332646437363039643237346162306138396461383666353062313337 +65313165363031303665656439306464396663393731376263666461386365663765346464333631 +37653532646335633062313337393765663866383061666564663238653165333762316336396231 +66333735323930646265623762656432383830616665343664373866376337643031663336626334 +38613766663033646261393030646465666666306332633036343535653662343834363761633732 +6537353364323030663232633330616464396131323331383839 
diff --git a/roles/dch-vpn-server/files/vpn.pyrocufflink.net.ipsec.conf b/roles/dch-vpn-server/files/vpn.pyrocufflink.net.ipsec.conf
new file mode 100644
index 0000000..f1e5586
--- /dev/null
+++ b/roles/dch-vpn-server/files/vpn.pyrocufflink.net.ipsec.conf
@@ -0,0 +1,29 @@
+conn dhatch-d4b
+ keyexchange = ikev2
+ dpdaction = clear
+ dpddelay = 300s
+ left = %defaultroute
+ leftauth = pubkey
+ leftid = @vpn.pyrocufflink.net
+ leftcert = vpn.pyrocufflink.net.cer
+ leftsubnet = 172.31.0.0/27
+ leftfirewall = yes
+ right = %any
+ rightauth = pubkey
+ rightid = "C=US, O=Dustin C. Hatch, CN=dhatch-d4b.securepassage.com"
+ rightsubnet = 0.0.0.0/0
+ auto = add
+
+conn remote-access
+ keyexchange = ikev2
+ dpdaction = clear
+ dpddelay = 300s
+ left = %defaultroute
+ leftid = @vpn.pyrocufflink.net
+ leftcert = vpn.pyrocufflink.net.cer
+ leftsubnet = 0.0.0.0/0
+ right = %any
+ rightsourceip = 172.31.0.64/28
+ rightauth = pubkey
+ rightdns = 172.31.0.4,172.31.0.10
+ auto = add
diff --git a/roles/dch-vpn-server/files/vpn.pyrocufflink.net.secret b/roles/dch-vpn-server/files/vpn.pyrocufflink.net.secret
new file mode 100644
index 0000000..10f87a9
--- /dev/null
+++ b/roles/dch-vpn-server/files/vpn.pyrocufflink.net.secret
@@ -0,0 +1 @@
+: RSA vpn.pyrocufflink.net.key
diff --git a/roles/dch-vpn-server/meta/main.yml b/roles/dch-vpn-server/meta/main.yml
new file mode 100644
index 0000000..c8e0bf0
--- /dev/null
+++ b/roles/dch-vpn-server/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- strongswan
diff --git a/roles/dch-vpn-server/tasks/main.yml b/roles/dch-vpn-server/tasks/main.yml
new file mode 100644
index 0000000..b526e79
--- /dev/null
+++ b/roles/dch-vpn-server/tasks/main.yml
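Review bot: The `remote-access` conn constrains peers only by `rightauth = pubkey`, so any certificate that chains to any CA installed under ipsec.d/cacerts (this commit installs both the root and the intermediate) authenticates as a road-warrior and is handed an address from `rightsourceip`; pinning the issuer with `rightca = %same` (or the issuing CA's DN) limits this to the CA actually meant to issue client certificates. Neither conn sets `ike` or `esp`, so the accepted proposals are whatever the installed strongSwan version defaults to — listing them explicitly keeps the algorithm set reviewable in the repo rather than dependent on the package. In `dhatch-d4b`, `rightsubnet = 0.0.0.0/0` together with `leftfirewall = yes` accepts whatever traffic selector the remote peer proposes; if the networks behind the FireMon side are known, naming them there stops the responder from installing policies for arbitrary remote addresses.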
@@ -0,0 +1,39 @@
+- name: ensure pyrocufflink vpn connection is configured
+ copy:
+ src=vpn.pyrocufflink.net.ipsec.conf
+ dest=/etc/strongswan/ipsec.d/conns/vpn.pyrocufflink.net.conf
+ mode=0644
+ notify: restart strongswan
+- name: ensure pyrocufflink vpn secret is configured
+ copy:
+ src=vpn.pyrocufflink.net.secret
+ dest=/etc/strongswan/ipsec.secrets.d/vpn.pyrocufflink.net
+ mode=0600
+ notify: restart strongswan
+
+- name: ensure dch ca certificates are installed
+ copy:
+ src={{ item }}
+ dest=/etc/strongswan/ipsec.d/cacerts/{{ item|basename }}
+ mode=0644
+ with_items:
+ - certs/dch-root-ca.crt
+ - certs/dch-ca.crt
+ notify: restart strongswan
+- name: ensure vpn server certificate is installed
+ copy:
+ src=certs/vpn.pyrocufflink.net.cer
+ dest=/etc/strongswan/ipsec.d/certs/
+ mode=0644
+ notify: restart strongswan
+- name: ensure vpn server private key is installed
+ copy:
+ src=certs/vpn.pyrocufflink.net.key
+ dest=/etc/strongswan/ipsec.d/private/
+ mode=0400
+ notify: restart strongswan
+
+- name: ensure strongswan is running
+ service:
+ name=strongswan
+ state=started
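Review bot: `ensure strongswan is running` uses `state=started` without `enabled=yes`, so the VPN is not guaranteed to come back after a reboot unless the `strongswan` dependency role already enables the unit; `service: name=strongswan state=started enabled=yes` makes this role self-sufficient. Every copy task notifies `restart strongswan`, which tears down all established tunnels — including the reverse VPN — on any config, secret or certificate change; a handler running `strongswan rereadall` followed by `strongswan reload` applies the same changes without dropping live SAs, though the handler itself is defined outside this diff. The 0400 on the private key and 0600 on the secrets fragment are the right modes; the certificate and CA copies at 0644 carry no secret material and are fine as written.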