diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index fbe4b94..6fff583 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -170,6 +170,9 @@
- name: Set facts for mobileconfigs
set_fact:
proxy_enabled: false
+ pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
+ VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
+ CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
- name: Build the mobileconfigs
template: src=mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600
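Review bot: The three facts added under `Set facts for mobileconfigs` are evaluated once by `set_fact`, while the template is rendered per `item.0`, so every user's profile from a run appears to share the same pkcs12, VPN and CA payload UUIDs. `N | random` only yields an integer below N and `to_uuid` is a deterministic hash of its input, so the values come from a small, overlapping space and two of them can coincide inside one profile. Deriving each from a stable, labelled input keeps them distinct per user and repeatable across runs, e.g. in the template `{{ ('pkcs12.' ~ item.0) | to_uuid | upper }}`. The same applies to the template hunks that consume these facts: `PayloadCertificateUUID` and the `com.apple.vpn.managed`, `com.apple.security.pkcs12` and `com.apple.security.root` payloads. The `Build the mobileconfigs` task continues outside the hunk, so the loop shape is inferred from `item.0`.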
@@ -224,4 +227,3 @@
- include: iptables.yml
tags: iptables
-
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index 5714839..762848a 100644
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -44,7 +44,7 @@
LocalIdentifier
{{ item.0 }}
PayloadCertificateUUID
- 1FB2907D-14D3-4BAB-A472-B304F4B7F7D9
+ {{ pkcs12_PayloadCertificateUUID }}
CertificateType
ECDSA256
ServerCertificateIssuerCommonName
@@ -66,11 +66,11 @@
PayloadDisplayName
VPN
PayloadIdentifier
- com.apple.vpn.managed.D247A30B-6023-4C8E-B3E3-FF1910A65E53
+ com.apple.vpn.managed.{{ VPN_PayloadIdentifier }}
PayloadType
com.apple.vpn.managed
PayloadUUID
- D247A30B-6023-4C8E-B3E3-FF1910A65E53
+ {{ VPN_PayloadIdentifier }}
PayloadVersion
1
Proxies
@@ -111,11 +111,11 @@
PayloadDisplayName
{{ item.0 }}.p12
PayloadIdentifier
- com.apple.security.pkcs12.1FB2907D-14D3-4BAB-A472-B304F4B7F7D9
+ com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }}
PayloadType
com.apple.security.pkcs12
PayloadUUID
- 1FB2907D-14D3-4BAB-A472-B304F4B7F7D9
+ {{ pkcs12_PayloadCertificateUUID }}
PayloadVersion
1
@@ -131,11 +131,11 @@
PayloadDisplayName
{{ IP_subject_alt_name }}
PayloadIdentifier
- com.apple.security.root.32EA3AAA-D19E-43EF-B357-608218745A38
+ com.apple.security.root.{{ CA_PayloadIdentifier }}
PayloadType
com.apple.security.root
PayloadUUID
- 32EA3AAA-D19E-43EF-B357-608218745A38
+ {{ CA_PayloadIdentifier }}
PayloadVersion
1
@@ -148,16 +148,16 @@
{% endif %}
PayloadIdentifier
{% if proxy_enabled is defined and proxy_enabled == true %}
- donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BA
+ donut.local.{{ 600000 | random | to_uuid | upper }}
{% else %}
- donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BE
+ donut.local.{{ 500000 | random | to_uuid | upper }}
{% endif %}
PayloadRemovalDisallowed
PayloadType
Configuration
PayloadUUID
- 743B04A8-5725-45A2-B1BB-836F8C16DB0A
+ {{ 400000 | random | to_uuid | upper }}
PayloadVersion
1
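Review bot: The top-level `PayloadIdentifier` is now re-randomised on every render, so a regenerated profile will not carry the identifier of the one already installed on the device. Apple's profile format uses that identifier to decide whether an install replaces an existing profile, so superseded profiles and their client certificates would likely stay installed alongside the new one. The two branches of the `proxy_enabled` conditional also no longer differ in any meaningful way. A value derived from stable inputs keeps the replace-on-reinstall behaviour, e.g. `donut.local.{{ (IP_subject_alt_name ~ '.' ~ item.0) | to_uuid | upper }}`, with a distinct suffix in the proxy branch if both variants must coexist. The enclosing dictionary starts outside the hunk.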