Final iteration. I think that's all I can do to minimize the changes

2025-09-07 04:24:08 +02:00 · 2017-02-10 16:18:06 +00:00 · 2017-02-10 16:18:06 +00:00 · 657ad0c3d8
commit 657ad0c3d8
parent 9b905917cc
3 changed files with 6 additions and 6 deletions
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -197,7 +197,7 @@
    chdir: "configs/{{ IP_subject_alt_name }}/pki/"
    creates: certs/{{ item }}_crt_generated
  environment:
-    subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
+    subjectAltName: "DNS:{{ item }}"
  with_items: "{{ users }}"
 - name: Build the client's p12
@ -212,7 +212,7 @@
  local_action:
    module: copy
    src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ item }}.p12"
-    dest: "configs/{{ IP_subject_alt_name }}/{{IP_subject_alt_name }}_{{ item }}.p12"
+    dest: "configs/{{ IP_subject_alt_name }}/{{ item }}.p12"
    mode: 0600
  become: no
  with_items:
--- a/roles/vpn/templates/client_windows.ps1.j2
+++ b/roles/vpn/templates/client_windows.ps1.j2
@ -1,3 +1,3 @@
-certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ IP_subject_alt_name }}_{{ item }}.p12
+certutil -f -p {{ easyrsa_p12_export_password }} -importpfx .\{{ item }}.p12
 Add-VpnConnection -name "Algo" -ServerAddress "{{ IP_subject_alt_name }}" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate -EncryptionLevel Required
 Set-VpnConnectionIPsecConfiguration -ConnectionName "Algo" -AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup none
--- a/users.yml
+++ b/users.yml
@ -71,7 +71,7 @@
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: certs/{{ item }}_crt_generated
      environment:
-        subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
+        subjectAltName: "DNS:{{ item }}"
      with_items: "{{ users }}"
    - name: Build the client's p12
@ -86,7 +86,7 @@
      local_action:
        module: copy
        src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ item }}.p12"
-        dest: "configs/{{ IP_subject_alt_name }}/{{ IP_subject_alt_name }}_{{ item }}.p12"
+        dest: "configs/{{ IP_subject_alt_name }}/{{ item }}.p12"
        mode: 0600
      become: no
      with_items:
@ -110,7 +110,7 @@
        chdir: "configs/{{ IP_subject_alt_name }}/pki/"
        creates: crl/{{ item }}_revoked
      environment:
-        subjectAltName: "DNS:{{ item }},IP:{{ IP_subject_alt_name }}"
+        subjectAltName: "DNS:{{ item }}"
      when: item not in users
      with_items: "{{ valid_certs.stdout_lines }}"