From a50a396b94aa8c5f81677384e737b67f32b11d0a Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Wed, 11 Jan 2017 20:55:44 +0300
Subject: [PATCH] addtiional fixes
---
 roles/common/tasks/main.yml | 1 +
 roles/vpn/tasks/iptables.yml | 7 +++++++
 roles/vpn/tasks/main.yml | 6 ++++--
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 12d7109..79c7cfe 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -60,6 +60,7 @@
 - sendmail
 - iptables-persistent
 - cgroup-tools
+ - openssl
 tags:
 - always
diff --git a/roles/vpn/tasks/iptables.yml b/roles/vpn/tasks/iptables.yml
index aeed994..0088a6d 100644
--- a/roles/vpn/tasks/iptables.yml
+++ b/roles/vpn/tasks/iptables.yml
@@ -4,6 +4,13 @@
 template: src="{{ item.src }}" dest="{{ item.dest }}" owner=root group=root mode=0640
 with_items:
 - { src: rules.v4.j2, dest: /etc/iptables/rules.v4 }
+ notify: - restart iptables
+
+ - name: Iptables configured
+ template: src="{{ item.src }}" dest="{{ item.dest }}" owner=root group=root mode=0640
+ when: ipv6_support is defined and ipv6_support == "yes"
+ with_items:
 - { src: rules.v6.j2, dest: /etc/iptables/rules.v6 }
 notify:
 - restart iptables
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 08971ca..0ec3a18 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -21,6 +21,7 @@
 - /usr/lib/ipsec/stroke
 notify:
 - restart apparmor
+ tags: ['apparmor']
 - name: Enable services
 service: name={{ item }} enabled=yes
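Review bot: The new task's `when: ipv6_support is defined and ipv6_support == "yes"` compares against the literal string "yes", but Ansible's YAML loader (YAML 1.1 semantics) turns an unquoted `yes`/`true` in a vars or inventory file into a boolean, so a user who writes `ipv6_support: yes` would have the v6 rules silently skipped and `/etc/iptables/rules.v6` never written, leaving the host without the intended IPv6 filtering. A boolean-aware test avoids that: `when: ipv6_support is defined and ipv6_support | bool`; the same string comparison is added in the roles/vpn/tasks/main.yml hunk at `@@ -38,8 +39,9 @@`, where it would likewise leave the IPv6 NAT rule unset. The added task also appears to reuse the name `Iptables configured` of the task above it (that task's `name:` line is outside this hunk), which makes play output and `--start-at-task` ambiguous; `- name: IPv6 iptables configured` would keep them apart. The enclosing first task starts outside the hunk.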
@@ -38,8 +39,9 @@
 - name: Configure ip6tables so IPSec traffic can traverse the tunnel
 iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
- when: (security_enabled is not defined) or
- (security_enabled is defined and security_enabled != "y")
+ when: ((security_enabled is not defined) or
+ (security_enabled is defined and security_enabled != "y")) and
+ ipv6_support is defined and ipv6_support == "yes"
 notify:
 - save iptables