From e8993b06ddd3262f18992d2f9bc5cc04c45fb5af Mon Sep 17 00:00:00 2001
From: Dan Guido <dan@trailofbits.com>
Date: Sat, 14 May 2016 23:43:37 -0400
Subject: [PATCH] initial commit

---
 ansible.cfg                 |  3 +++
 inventory                   |  2 ++
 roles/common/tasks/main.yml | 14 ++++++++++++++
 vpn.yml                     |  6 ++++++
 4 files changed, 25 insertions(+)
 create mode 100644 ansible.cfg
 create mode 100644 inventory
 create mode 100644 roles/common/tasks/main.yml
 create mode 100644 vpn.yml

diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..3b4f3a4
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+inventory = inventory
+remote_user = root
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..6b86104
--- /dev/null
+++ b/inventory
@@ -0,0 +1,2 @@
+[vpn]
+104.236.56.30
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..d617f88
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install StrongSwan
+  apt: name=strongswan state=latest update_cache=yes
+
+- name: Modify sysctl values to route traffic appropriately
+  sysctl:
+  - name=net.ipv4.ip_forwarding value=1
+  - name=net.ipv4.conf.all.accept_redirects value=0
+  - name=net.ipv4.conf.all.send_redirects value=0
+
+- name: Configure IPTables to route traffic appropriately
+  iptables:
+  - table=nat chain=POSTROUTING src=10.0.0.0/24 dst=10.0.0.0/24 jump=MASQUERADE
+
diff --git a/vpn.yml b/vpn.yml
new file mode 100644
index 0000000..2f58f96
--- /dev/null
+++ b/vpn.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Install StrongSwan and its dependencies
+  hosts: vpn
+  roles:
+    - common