vm-ansible/roles/openvpn/tasks/main.yaml


---
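- name: "Install openvpn-server via apt"
  # NOTE(review): Debian/Ubuntu ship server and client together in the single
  # package `openvpn`; `openvpn-server` is not in the stock repositories, so
  # confirm it resolves on the target (or comes from an extra repo) before
  # relying on this task.
  apt:
    name:
      - openvpn-server
    state: present
    update_cache: true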
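- name: "Enable ipv4 forwarding via sysctl"
  # Forwarding is required for the MASQUERADE rules added to
  # /etc/ufw/before.rules by a later task to route VPN client traffic out of
  # the host. sysctl_set applies the value immediately, state: present
  # persists it in the sysctl configuration, and reload re-reads that file.
  # NOTE(review): this enables forwarding host-wide for every interface;
  # what forwarded traffic ufw actually accepts is still governed by
  # DEFAULT_FORWARD_POLICY in /etc/default/ufw, which nothing in this file
  # sets — confirm it is handled elsewhere in the role.
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    state: present
    reload: true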
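- name: Enable and restart openvpn daemon
  # `state: restarted` restarts the unit on every run, so this task always
  # reports "changed". If idempotent runs matter, use `state: started` here
  # and move the restart into a handler notified by the config tasks.
  # NOTE(review): on systemd hosts `openvpn` is the umbrella unit; per-config
  # instances (`openvpn@<name>` / `openvpn-server@<name>`) may need to be
  # targeted explicitly for the tunnel itself to come up — verify on the
  # target distribution.
  service:
    name: openvpn
    state: restarted
    enabled: true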
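- name: Check whether openvpn rules are already present in ufw before.rules
  # lineinfile in check mode with state: absent never edits the file; it only
  # reports how many lines matched the regexp in `checkufwrules.found`.
  # Nothing in this file consumes the registered result: the blockinfile task
  # that follows is idempotent through its own BEGIN/END markers, so this
  # check is informational unless a later task or handler uses it.
  lineinfile:
    path: /etc/ufw/before.rules
    regexp: "^# START OPENVPN"
    state: absent
  check_mode: true
  changed_when: false
  register: checkufwrules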
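- name: Insert openvpn iptables rules
  # blockinfile wraps the block in "# BEGIN/END ANSIBLE MANAGED BLOCK"
  # markers and, with the default insertafter, appends it at end of file, i.e.
  # after the filter table's COMMIT. Re-runs replace the marked block rather
  # than appending a second copy.
  # The client subnet and egress interfaces are hard-coded: 192.168.37.0/24
  # must match the `server` directive in the OpenVPN server config, and
  # eth0/eth2 must be the host's real uplink interface names — a rule whose
  # `-o` interface does not exist simply never matches, leaving clients
  # without NAT. The MASQUERADE rule applies to any destination; which
  # forwarded flows are allowed is decided by ufw's forward policy and
  # filter rules, not by this nat table.
  blockinfile:
    path: /etc/ufw/before.rules
    block: |
      # START OPENVPN RULES
      # NAT table rules
      *nat
      :POSTROUTING ACCEPT [0:0]
      # Allow traffic from OpenVPN client to everywhere
      -A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE
      -A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE
      COMMIT
      # END OPENVPN RULES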
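- name: Reload ufw
  # Reloads ufw so the nat rules added to /etc/ufw/before.rules take effect.
  # Runs unconditionally on every play; to reload only when the rules file
  # actually changed, register the blockinfile result and guard this task
  # with `when`, or turn it into a handler notified by that task.
  community.general.ufw:
    state: reloaded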
...