wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-06 15:13:56 +02:00
Code Issues Projects Releases Wiki Activity

no reason to have roles yet

Browse source
This commit is contained in:
Dan Guido 2016-05-15 11:06:03 -04:00
parent 041c6da9b0
commit e10b1b669f
2 changed files with 15 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
roles/common/tasks/main.yml
View file

@ -1,16 +0,0 @@
---
- name: Install StrongSwan
apt: name=strongswan state=latest update_cache=yes
- name: Enable packet forwarding for IPv4
sysctl: name=net.ipv4.ip_forward value=1
- name: Do not accept ICMP redirects (prevent MITM attacks)
sysctl: name=net.ipv4.conf.all.accept_redirects value=0
- name: Do not accept ICMP redirects (prevent MITM attacks)
sysctl: name=net.ipv4.conf.all.send_redirects value=0
- name: Configure IPTables to route traffic appropriately
iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE

17
vpn.yml
View file

@ -1,5 +1,18 @@
---
- name: Install StrongSwan and its dependencies
hosts: vpn
roles:
- common
tasks:
- name: Install StrongSwan
apt: name=strongswan state=latest update_cache=yes
- name: Enable packet forwarding for IPv4
sysctl: name=net.ipv4.ip_forward value=1
- name: Do not accept ICMP redirects (prevent MITM attacks)
sysctl: name=net.ipv4.conf.all.accept_redirects value=0
- name: Do not accept ICMP redirects (prevent MITM attacks)
sysctl: name=net.ipv4.conf.all.send_redirects value=0
- name: Configure IPTables to route traffic appropriately
iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE