roles/dch-vpn-server: Deploy pyrocufflink VPN

The *dch-vpn-server* role configures strongSwan to act as an IPsec
responder for `vpn.pyrocufflink.net` and provide an IKEv2/IPsec VPN for
remote access clients, as well as the reverse VPN to FireMon.

roles/dch-vpn-server/files/certs/openssl.cnf

@@ -0,0 +1,20 @@
+# vim: set ft=dosini :
+
+[req]
+prompt = no
+default_md = sha256
+distinguished_name = req_distinguished_name
+req_extensions = req_extensions
+
+[req_distinguished_name]
+countryName = US
+organizationName = Dustin C. Hatch
+commonName = vpn.pyrocufflink.net
+
+[req_extensions]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.0 = vpn.pyrocufflink.net
+DNS.1 = vpn.pyrocufflink.blue
+DNS.2 = vpn.pyrocufflink.red