Merge remote-tracking branch 'upstream/master'

2025-09-04 02:53:06 +02:00 · 2017-04-15 15:42:54 -07:00 · 2017-04-15 15:42:54 -07:00 · a419d8dac6
commit a419d8dac6
parent b2f7750655 04b61ca3d2
6 changed files with 18 additions and 7 deletions
--- a/12
+++ b/12
@ -2,6 +2,15 @@

 set -e

+ACTIVATE_SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/env/bin/activate"
+if [ -f "$ACTIVATE_SCRIPT" ]
+then
+	source $ACTIVATE_SCRIPT
+else
+	echo "$ACTIVATE_SCRIPT not found.  Did you follow documentation to install dependencies?"
+	exit 1
+fi
+
 SKIP_TAGS="_null encrypted"
 ADDITIONAL_PROMPT="[pasted values will not be displayed]"

@ -252,10 +261,10 @@ Name the vpn server:
    11.  eu-west-1           EU (Ireland)
    12.  eu-west-2           EU (London)
    13.  ca-central-1        Canada (Central)
+    14.  sa-east-1           São Paulo
 Enter the number of your desired region:
 [1]: " -r aws_region
  aws_region=${aws_region:-1}
-  # sa-east-1 region does not support the size instance we use.

  case "$aws_region" in
    1) region="us-east-1" ;;
@ -271,6 +280,7 @@ Enter the number of your desired region:
    11) region="eu-west-1" ;;
    12) region="eu-west-2";;
    13) region="ca-central-1" ;;
+    14) region="sa-east-1" ;;
  esac

  ROLES="ec2 vpn cloud"
--- a/roles/vpn/defaults/main.yml
+++ b/roles/vpn/defaults/main.yml
@ -25,5 +25,5 @@ ciphers:
    ike: aes128gcm16-sha2_512-prfsha512-ecp256!
    esp: aes128gcm16-sha2_512-ecp256!
  compat:
-    ike: aes128-sha2_512-prfsha512-ecp256,aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
-    esp: aes128-sha2_512-ecp256,aes128gcm16-sha2_512-ecp256,aes128-sha2_256-modp2048!
+    ike: aes128gcm16-sha2_512-prfsha512-ecp256,aes128-sha2_512-prfsha512-ecp256,aes128-sha2_256-prfsha256-modp2048!
+    esp: aes128gcm16-sha2_512-ecp256,aes128-sha2_512-ecp256,aes128-sha2_256-modp2048!
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -8,7 +8,7 @@

 - name: Generate password for the CA key
  shell: >
-    openssl rand -hex 6
+    openssl rand -hex 16
  register: CA_password

 - set_fact:
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@ -21,7 +21,7 @@ conn ikev2-{{ IP_subject_alt_name }}

    leftsourceip=%config
    leftauth=pubkey
-    leftcert={{ IP_subject_alt_name }}_{{ item }}.crt
+    leftcert={{ item }}.crt
    leftfirewall=yes
    left=%defaultroute

--- a/roles/vpn/templates/client_ipsec.secrets.j2
+++ b/roles/vpn/templates/client_ipsec.secrets.j2
@ -1,5 +1,5 @@
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
-{{ IP_subject_alt_name }} : RSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : RSA {{ item }}.key
 {% else %}
-{{ IP_subject_alt_name }} : ECDSA {{ IP_subject_alt_name }}_{{ item }}.key
+{{ IP_subject_alt_name }} : ECDSA {{ item }}.key
 {% endif %}
--- a/users.yml
+++ b/users.yml
@ -34,6 +34,7 @@
  become: true
  vars_files:
    - config.cfg
+    - roles/vpn/defaults/main.yml

  pre_tasks:
    - name: Common pre-tasks