diff --git a/algo b/algo
index e5365bc..20d2778 100755
--- a/algo
+++ b/algo
@@ -303,7 +303,8 @@ What user should we use to login on the server? (note: passwordless login requir
 read -p "
 Enter the public IP address of your server: (IMPORTANT! This IP is used to verify the certificate)
-: " -r IP_subject
+[$server_ip]: " -r IP_subject
+ IP_subject=${IP_subject:-$server_ip}
 ROLES="local vpn"
 EXTRA_VARS="server_ip=$server_ip server_user=$server_user IP_subject_alt_name=$IP_subject"
diff --git a/config.cfg b/config.cfg
index 9ac69db..d48872d 100644
--- a/config.cfg
+++ b/config.cfg
@@ -11,16 +11,13 @@ auditd_action_mail_acct: email@example.com
 ### Advanced users only below this line ###
-easyrsa_dir: /opt/easy-rsa-ipsec
-easyrsa_ca_expire: 3650
-easyrsa_cert_expire: 3650
-
 # If True re-init all existing certificates. (True or False)
 easyrsa_reinit_existent: False
 vpn_network: 10.19.48.0/24
-vpn_network_ipv6: 'fd9d:bc11:4020::/48' # https://www.sixxs.net/tools/whois/?fd9d:bc11:4020::/48
+vpn_network_ipv6: 'fd9d:bc11:4020::/48'
+
 server_name: "{{ ansible_ssh_host }}"
 IP_subject_alt_name: "{{ ansible_ssh_host }}"
@@ -32,30 +29,6 @@ dns_servers:
 - 2001:4860:4860::8888
 - 2001:4860:4860::8844
-strongswan_enabled_plugins:
- - aes
- - gcm
- - hmac
- - kernel-netlink
- - nonce
- - openssl
- - pem
- - pgp
- - pkcs12
- - pkcs7
- - pkcs8
- - pubkey
- - random
- - revocation
- - sha2
- - socket-default
- - stroke
- - x509
-
-ec2_vpc_nets:
- cidr_block: 172.251.0.0/23
- subnet_cidr: 172.251.1.0/24
-
 # IP address for the proxy and the local dns resolver
 local_service_ip: 172.16.0.1
@@ -64,7 +37,6 @@ VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
 CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
 # Block traffic between connected clients
-
 BetweenClients_DROP: Y
 congrats:
diff --git a/roles/cloud-ec2/defaults/main.yml b/roles/cloud-ec2/defaults/main.yml
new file mode 100644
index 0000000..173d969
--- /dev/null
+++ b/roles/cloud-ec2/defaults/main.yml
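Review bot: The value accepted on the new `+[$server_ip]:` prompt flows straight into `EXTRA_VARS` as `IP_subject_alt_name=$IP_subject` with no check that it is an IP address, and the added `${IP_subject:-$server_ip}` default only covers the empty case — a typo or a hostname becomes the certificate's subjectAltName and the mismatch the prompt warns about surfaces only when a client tries to connect. A minimal guard right after the default line, `case "$IP_subject" in ""|*[!0-9A-Fa-f.:]*) echo "Not an IP address: '$IP_subject'" >&2; exit 1;; esac`, rejects the obvious bad inputs; the empty branch also catches the case where `$server_ip` was itself left blank at the earlier prompt, if that is possible here. The prompt function this hunk sits in starts before the hunk.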
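Review bot: The three `easyrsa_*` settings removed at the top of the first config.cfg hunk (`easyrsa_dir`, `easyrsa_ca_expire`, `easyrsa_cert_expire`) do not reappear in either `defaults/main.yml` file this commit adds, so unless a role defaults file outside this diff already defines them, templates or tasks that reference them will now fail with an undefined-variable error at run time. If they did move to a file not shown here, a one-line pointer under `### Advanced users only below this line ###`, such as `# Role-level defaults (easyrsa_*, strongswan_enabled_plugins, ec2_vpc_nets) live in roles/<role>/defaults/main.yml and can be overridden here`, would keep them discoverable for the audience this section addresses. The same documentation gap applies to the `strongswan_enabled_plugins` and `ec2_vpc_nets` blocks dropped in the second hunk of this file: they did move to `roles/vpn/defaults/main.yml` and `roles/cloud-ec2/defaults/main.yml`, which puts them at the lowest variable precedence, and nothing in config.cfg now tells a user that they can still be overridden from it.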
@@ -0,0 +1,5 @@
+---
+
+ec2_vpc_nets:
+ cidr_block: 172.251.0.0/23
+ subnet_cidr: 172.251.1.0/24
diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
new file mode 100644
index 0000000..cc3ee72
--- /dev/null
+++ b/roles/vpn/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+
+strongswan_enabled_plugins:
+ - aes
+ - gcm
+ - hmac
+ - kernel-netlink
+ - nonce
+ - openssl
+ - pem
+ - pgp
+ - pkcs12
+ - pkcs7
+ - pkcs8
+ - pubkey
+ - random
+ - revocation
+ - sha2
+ - socket-default
+ - stroke
+ - x509
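Review bot: `cidr_block: 172.251.0.0/23` and `subnet_cidr: 172.251.1.0/24` lie outside the RFC 1918 private ranges (172.16.0.0/12 ends at 172.31.255.255), so the VPC is carved out of globally routable address space and instances inside it lose reachability to whichever Internet hosts actually hold 172.251.0.0/23. The values are carried over unchanged from config.cfg, but now that this file owns them it should either switch to a block inside one of the private ranges that does not overlap the `vpn_network` or `local_service_ip` values still in config.cfg, or carry a comment explaining why a public block was chosen. A header comment noting that these are role defaults overridable from config.cfg would also help, since nothing in the file says so.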
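Review bot: The plugin list is exactly the strongSwan surface this role loads, yet `strongswan_enabled_plugins:` carries no comment saying which entries are load-bearing and which exist only to support optional credential formats, so an operator trimming the list to reduce exposure has nothing to go on. A short header above the key stating that the value is a role default overridable from config.cfg, and that — as far as I can tell from strongSwan's plugin roles — `kernel-netlink`, `socket-default`, `stroke`, `x509`, `pubkey` and the cipher/hash plugins are required for the certificate-based IKEv2 setup while `pgp`, `pkcs7` and `pkcs12` only matter for those input formats, would make future edits reviewable. The file's formatting itself (document start marker, indented block sequence) is consistent and needs no change.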