roles/dch-vpn-server: Deploy pyrocufflink VPN
The *dch-vpn-server* role configures strongSwan to act as an IPsec responder for `vpn.pyrocufflink.net` and provide an IKEv2/IPsec VPN for remote access clients, as well as the reverse VPN to FireMon.
39
roles/dch-vpn-server/tasks/main.yml
Normal file
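--- a/roles/dch-vpn-server/tasks/main.yml
+++ b/roles/dch-vpn-server/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: ensure pyrocufflink vpn connection is configured
+copy:
+src=vpn.pyrocufflink.net.ipsec.conf
+dest=/etc/strongswan/ipsec.d/conns/vpn.pyrocufflink.net.conf
+mode=0644
+notify: restart strongswan
+- name: ensure pyrocufflink vpn secret is configured
+copy:
+src=vpn.pyrocufflink.net.secret
+dest=/etc/strongswan/ipsec.secrets.d/vpn.pyrocufflink.net
+mode=0600
+notify: restart strongswan
+
+- name: ensure dch ca certificates are installed
+copy:
+src={{ item }}
+dest=/etc/strongswan/ipsec.d/cacerts/{{ item|basename }}
+mode=0644
+with_items:
+- certs/dch-root-ca.crt
+- certs/dch-ca.crt
+notify: restart strongswan
+- name: ensure vpn server certificate is installed
+copy:
+src=certs/vpn.pyrocufflink.net.cer
+dest=/etc/strongswan/ipsec.d/certs/
+mode=0644
+notify: restart strongswan
+- name: ensure vpn server private key is installed
+copy:
+src=certs/vpn.pyrocufflink.net.key
+dest=/etc/strongswan/ipsec.d/private/
+mode=0400
+notify: restart strongswan
+
+- name: ensure strongswan is running
+service:
+name=strongswan
+state=started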
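Review bot: The tasks that install `vpn.pyrocufflink.net.secret` and `certs/vpn.pyrocufflink.net.key` set a restrictive mode but no owner or group, and nothing keeps their contents out of Ansible output. The files end up owned by whichever user the play runs as, and a run with `--diff` would print the secret and key material to the console or log. Adding `owner=root group=root` to both `copy` lines and `no_log: true` on both tasks would close that. Both sources are read from the role's files, so they presumably live in the repository; the page does not show whether they are vault-encrypted, which is worth confirming before merge. Separately, the final `service` task only sets `state=started`, so the responder may not come back after a reboot unless `enabled=yes` is added.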