Add ansible role to configure openvpn
[infra/tools.git] / infra / configure_openvpn_server / playbooks / roles / vpn-server / tasks / main.yml
1 ---
2 # tasks file for vpn_server
3 - name: Update the system packages
4   apt:
5     update_cache: true
6
7 - name: Install Python, Openvpn & Easy-rsa
8   package:
9     name: "{{ item }}"
10     state: present
11   with_items:
12     - python-pip
13     - openvpn
14     - easy-rsa
15
16 - name: Remove CA directory
17   file:
18     state: absent
19     path: "{{ openvpn_ca }}"
20
21 - name: Create CA directory
22   command: make-cadir "{{ openvpn_ca }}"
23   changed_when: false
24
25 - name: Customize CA variable configuration
26   template:
27     src: vars.j2
28     dest: "{{ openvpn_ca }}/vars"
29     force: true
30   changed_when: false
31
32 - name: Create keys directory under {{ openvpn_ca }}
33   file:
34     path: "{{ openvpn_ca }}/keys"
35     state: directory
36
37 - name: Build Diffie-Hellman parameters and key generation
38   shell: >
39     source vars;
40     sh "{{ openvpn_ca }}"/clean-all;
41     sh "{{ openvpn_ca }}"/build-dh;
42     openvpn --genkey --secret keys/ta.key;
43   args:
44     chdir: "{{ openvpn_ca }}"
45     executable: /bin/bash
46   changed_when: false
47
48 - name: Copy key and certificates
49   copy:
50     src: "{{ hostvars['localhost']['vpn_files_location'] }}/{{ item }}"
51     dest: "{{ openvpn_ca }}/keys"
52   with_items:
53     - "{{ openvpn_server }}.crt"
54     - "{{ openvpn_server }}.key"
55     - ca.crt
56
57 - name: Copy key and certificates to /etc/openvpn
58   copy:
59     src: "{{ hostvars['localhost']['vpn_files_location'] }}/{{ item }}"
60     dest: "/etc/openvpn/"
61   with_items:
62     - "{{ openvpn_server }}.crt"
63     - "{{ openvpn_server }}.key"
64     - ca.crt
65
66 - name: Copy DH cert and key to /etc/openvpn
67   copy:
68     src: "{{ openvpn_ca }}/keys/{{ item }}"
69     dest: "/etc/openvpn/"
70     remote_src: true
71   with_items:
72     - "ta.key"
73     - "dh2048.pem"
74
75 - name: Adjust OpenVPN Server Configuration
76   template:
77     src: server.conf.j2
78     dest: "/etc/openvpn/server.conf"
79     force: true
80
81 - name: Configuration IP forwarding
82   sysctl:
83     name: net.ipv4.ip_forward
84     value: "1"
85     state: present
86     reload: true
87
88 - name: Updating iptables for incoming
89   iptables:
90     chain: FORWARD
91     jump: ACCEPT
92     in_interface: tun+
93
94 - name: Updating iptables for outgoing
95   iptables:
96     chain: FORWARD
97     jump: ACCEPT
98     out_interface: tun+
99
100 - name: Setup the MASQUERADE
101   lineinfile:
102     path: /lib/systemd/system/openvpn@.service
103     insertafter: 'ExecStart='
104     line: "ExecStartPost=/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -d {{ network_cidr }}/24 -j MASQUERADE"
105
106 - name: Systemd to reread configuration
107   systemd:
108     daemon_reload: true
109
110 - name: Start and Enable Openvpn Service
111   systemd:
112     name: openvpn@server
113     state: started
114     daemon_reload: true
115     enabled: true
116
117 - name: Cleanup vpn files in localhost
118   file:
119     path: "{{ hostvars['localhost']['vpn_files_location'] }}"
120     state: absent
121   delegate_to: localhost
122   become: false
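Review bot: The private-key copies in "Copy key and certificates", "Copy key and certificates to /etc/openvpn" and "Copy DH cert and key to /etc/openvpn" set neither `mode` nor `owner`, so `{{ openvpn_server }}.key` and `ta.key` land with the destination's default mode, which on a typical umask is world-readable; add `mode: "0600"` and `owner: root` to those copy tasks (at minimum for the `.key` items). Separately, `sh clean-all` in "Build Diffie-Hellman parameters and key generation" wipes `{{ openvpn_ca }}/keys` on every run while `changed_when: false` masks it, so the role is not idempotent and the DH parameters are regenerated each time; a `creates: "{{ openvpn_ca }}/keys/dh2048.pem"` entry under `args:` would guard it. The iptables module rules are runtime-only and the MASQUERADE line edited into `/lib/systemd/system/openvpn@.service` is overwritten on a package upgrade; a drop-in under `/etc/systemd/system/openvpn@.service.d/` plus a persistence step for the FORWARD rules would survive reboots and upgrades. The `-d {{ network_cidr }}/24` suffix also looks like it would double a prefix if `network_cidr` already carries one, worth confirming against the inventory.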