Diffstat (limited to 'roles/openvpn/tasks/main.yml')
-rw-r--r--roles/openvpn/tasks/main.yml56
1 files changed, 0 insertions, 56 deletions
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
deleted file mode 100644
index ad3b928..0000000
--- a/roles/openvpn/tasks/main.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-- name: install openvpn
- apt: name=openvpn state=latest
-
-- name: copy root certificate
- copy: src=ca.crt dest=/etc/openvpn/ca.crt
- notify: restart openvpn
-
-- name: copy dh parameters
- copy: src=dh4096.pem dest=/etc/openvpn/dh4096.pem
- notify: restart openvpn
-
-- name: copy server config
- copy: src=server.conf dest=/etc/openvpn/server.conf
- notify: restart openvpn
-
-- name: copy crl
- copy: src=crl.pem dest=/etc/openvpn/crl.pem
- notify: restart openvpn # restart to terminate all connections and enforce crl
-
-- name: copy server certificate
- copy:
- src="host_files/{{inventory_hostname}}/etc/openvpn/server.crt"
- dest=/etc/openvpn/server.crt
- notify: restart openvpn
-
-- name: copy server key
- copy:
- src="host_files/{{inventory_hostname}}/etc/openvpn/server.key"
- dest=/etc/openvpn/server.key
- mode=0600
- notify: restart openvpn
-
-- name: enable ip forwarding
- sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes state=present reload=yes
-
-- name: firewall - update default forward policy
- lineinfile: dest=/etc/default/ufw regexp=^DEFAULT_FORWARD_POLICY line=DEFAULT_FORWARD_POLICY="ACCEPT"
- notify: restart ufw
-
-- name: firewall - add NAT rules
- blockinfile:
- dest: /etc/ufw/before.rules
- insertbefore: BOF
- block: |
- # NAT table rules
- *nat
- :POSTROUTING ACCEPT [0:0]
- # Allow traffic from OpenVPN client to eth0
- -A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE
- COMMIT
- notify: restart ufw
-
-- name: firewall - allow openvpn
- ufw: rule=allow port=1194 proto=udp
- notify: restart ufw