--- - name: "Install openvpn-server via apt" ansible.builtin.apt: update_cache: yes state: present name: - openvpn - name : "Enable ipv4 forwarding via sysctl" ansible.posix.sysctl: name: net.ipv4.ip_forward value: '1' sysctl_set: yes state: present reload: yes - name: Enable and restart openvpn daemon ansible.builtin.service: name: openvpn-server@stargate state: restarted enabled: yes - name: Check if AllowUsers is defined ansible.builtin.lineinfile: state: absent path: /etc/ufw/before.rules regexp: "^# START OPENVPN" check_mode: true changed_when: false register: checkufwrules - name: Insert openvpn iptables rules ansible.builtin.blockinfile: path: /etc/ufw/before.rules block: | # START OPENVPN RULES # NAT table rules *nat -F :POSTROUTING ACCEPT [0:0] # Allow traffic from OpenVPN client to everywhere -A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE COMMIT *filter -A ufw-before-input -i tun+ -j ACCEPT -A ufw-before-forward -i tun+ -j ACCEPT -A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -i tun+ -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -i eth2 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # END OPENVPN RULES - name: Reload ufw community.general.ufw: state: reloaded - name: Apply custom ufw rules community.general.ufw: rule: allow direction: "in" interface: tun0 ...