From e10b1b669f995feed0f23f3856df9075e44d434b Mon Sep 17 00:00:00 2001
From: Dan Guido
Date: Sun, 15 May 2016 11:06:03 -0400
Subject: [PATCH] no reason to have roles yet
---
 roles/common/tasks/main.yml | 16 ----------------
 vpn.yml | 17 +++++++++++++++--
 2 files changed, 15 insertions(+), 18 deletions(-)
 delete mode 100644 roles/common/tasks/main.yml
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
deleted file mode 100644
index 5b93a43..0000000
--- a/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Install StrongSwan
- apt: name=strongswan state=latest update_cache=yes
-
-- name: Enable packet forwarding for IPv4
- sysctl: name=net.ipv4.ip_forward value=1
-
-- name: Do not accept ICMP redirects (prevent MITM attacks)
- sysctl: name=net.ipv4.conf.all.accept_redirects value=0
-
-- name: Do not accept ICMP redirects (prevent MITM attacks)
- sysctl: name=net.ipv4.conf.all.send_redirects value=0
-
-- name: Configure IPTables to route traffic appropriately
- iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
-
diff --git a/vpn.yml b/vpn.yml
index 9418841..97880f9 100644
--- a/vpn.yml
+++ b/vpn.yml
@@ -1,5 +1,18 @@
 ---
 - name: Install StrongSwan and its dependencies
 hosts: vpn
- roles:
- - common
+ tasks:
+ - name: Install StrongSwan
+ apt: name=strongswan state=latest update_cache=yes
+
+ - name: Enable packet forwarding for IPv4
+ sysctl: name=net.ipv4.ip_forward value=1
+
+ - name: Do not accept ICMP redirects (prevent MITM attacks)
+ sysctl: name=net.ipv4.conf.all.accept_redirects value=0
+
+ - name: Do not accept ICMP redirects (prevent MITM attacks)
+ sysctl: name=net.ipv4.conf.all.send_redirects value=0
+
+ - name: Configure IPTables to route traffic appropriately
+ iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
\ No newline at end of file
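Review bot: The second `Do not accept ICMP redirects (prevent MITM attacks)` task in the new `tasks:` list of vpn.yml actually sets `net.ipv4.conf.all.send_redirects`, so its name is a copy-paste of the task above it and misdescribes the control; it should read `- name: Do not send ICMP redirects`. The setting is also likely incomplete: as far as I know the kernel sends redirects on an interface when either `conf.all` or the per-interface value is enabled, so zeroing only `all` can leave `eth0` still emitting them, and adding `sysctl: name=net.ipv4.conf.default.send_redirects value=0` (plus the same key for `eth0`) would close that gap. Separately, the `iptables` task changes only the running ruleset, so the MASQUERADE rule presumably has to be saved or re-applied to survive a reboot.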