From 041c6da9b02e0360f254a272b6873b7a31abae64 Mon Sep 17 00:00:00 2001
From: Dan Guido
Date: Sun, 15 May 2016 11:02:13 -0400
Subject: [PATCH] fix what was here, script runs now

---
 .gitignore                  | 1 +
 roles/common/tasks/main.yml | 16 +++++++++-------
 vpn.yml                     | 1 -
 3 files changed, 10 insertions(+), 8 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a8b42eb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.retry
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index d617f88..5b93a43 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,13 +2,15 @@
 - name: Install StrongSwan
   apt: name=strongswan state=latest update_cache=yes
 
-- name: Modify sysctl values to route traffic appropriately
-  sysctl:
-    - name=net.ipv4.ip_forwarding value=1
-    - name=net.ipv4.conf.all.accept_redirects value=0
-    - name=net.ipv4.conf.all.send_redirects value=0
+- name: Enable packet forwarding for IPv4
+  sysctl: name=net.ipv4.ip_forward value=1
+
+- name: Do not accept ICMP redirects (prevent MITM attacks)
+  sysctl: name=net.ipv4.conf.all.accept_redirects value=0
+
+- name: Do not accept ICMP redirects (prevent MITM attacks)
+  sysctl: name=net.ipv4.conf.all.send_redirects value=0
 
 - name: Configure IPTables to route traffic appropriately
-  iptables:
-    - table=nat chain=POSTROUTING src=10.0.0.0/24 dst=10.0.0.0/24 jump=MASQUERADE
+  iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
diff --git a/vpn.yml b/vpn.yml
index 2f58f96..9418841 100644
--- a/vpn.yml
+++ b/vpn.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Install StrongSwan and its dependencies
   hosts: vpn
   roles:
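Review bot: The new MASQUERADE rule on the last line of the main.yml hunk hard-codes `out_interface=eth0`, so on a host whose uplink has a different name (ens3, enp0s3, …) the rule matches nothing and client traffic presumably leaves with its 10.0.0.0/24 source un-NATed; the interface is already gathered as a fact, so `out_interface={{ ansible_default_ipv4.interface }}` avoids the assumption. The iptables module also only changes the running ruleset, so the rule is lost on reboot unless a save step (netfilter-persistent or an iptables-save handler) follows it. On the sysctl side, `net.ipv4.conf.all.accept_redirects=0` does not govern interfaces brought up after the task runs, which take `net.ipv4.conf.default.accept_redirects`; set the `default.` counterpart as well, and consider `net.ipv4.conf.all.secure_redirects=0` for the same MITM reason. The third task sets send_redirects but is named identically to the second; it should read `- name: Do not send ICMP redirects (prevent MITM attacks)`.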