addtiional fixes

roles/common/tasks/main.yml

@@ -60,6 +60,7 @@
     - sendmail
     - iptables-persistent
     - cgroup-tools
+    - openssl
   tags:
     - always
 

roles/vpn/tasks/iptables.yml

@@ -4,6 +4,13 @@
   template: src="{{ item.src }}" dest="{{ item.dest }}" owner=root group=root mode=0640
   with_items:
     - { src: rules.v4.j2, dest: /etc/iptables/rules.v4 }
+  notify:
+    - restart iptables
+
+- name: Iptables configured
+  template: src="{{ item.src }}" dest="{{ item.dest }}" owner=root group=root mode=0640
+  when: ipv6_support is defined and ipv6_support == "yes"
+  with_items:
     - { src: rules.v6.j2, dest: /etc/iptables/rules.v6 }
   notify:
     - restart iptables

roles/vpn/tasks/main.yml

@@ -21,6 +21,7 @@
     - /usr/lib/ipsec/stroke
   notify:
     - restart apparmor
+  tags: ['apparmor']
 
 - name: Enable services
   service: name={{ item }} enabled=yes
@@ -38,8 +39,9 @@
 
 - name: Configure ip6tables so IPSec traffic can traverse the tunnel
   iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
-  when: (security_enabled is not defined) or
-        (security_enabled is defined and security_enabled != "y")
+  when: ((security_enabled is not defined) or
+        (security_enabled is defined and security_enabled != "y")) and
+        ipv6_support is defined and ipv6_support == "yes"
   notify:
     - save iptables