Skip to content

nl2go/ansible-role-vpn-gateway

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
molecule
molecule
 
 
tasks
tasks
 
 
templates
templates
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
.yamllint
.yamllint
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 

Repository files navigation

Travis (.org) branch Ansible Galaxy GitHub tag (latest by date) Ansible Galaxy Downloads

Ansible Role: VPN Gateway

An Ansible Role that manages a VPN tunnel setup between two peers based on IPsec / strongSwan and provides gateway related routing configuration.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

vpn_gateway_configs:
  - name: default
    psk: secret

Configuration sets must be defined using vpn_gateway_configs variable. The name of the configuration set is mandatory and used for identification. Pre-shared key can be specified using psk.

vpn_gateway_configs:
  - name: default
    state: absent

The specific gateway configuration can be removed using state: absent.

vpn_gateway_configs:
  - name: default
    psk: secret
    params:
      lifetime: 8h

General connection parameters like lifetime may be set within params section (s. ipsec.conf for full parameter description).

vpn_gateway_configs:
  - name: default
    psk: secret
    local:
      public: 1.1.1.1
      networks:
        - 172.4.0.0/21
    remote:
      public: 1.2.3.4
      networks:
        - 172.240.0.0/21
        - 10.2.0.0/16

A configuration set contains the local and remote peer configuration part.

vpn_gateway_default_config_params:
  type: tunnel
  keyingtries: 0
  ikelifetime: 1h
  lifetime: 8h
  dpddelay: 300s
  dpdtimeout: 120
  dpdaction: clear
  authby: secret
  auto: start
  esp: aes256-sha256-modp3072
  ike: aes256-sha256-modp3072
  keyexchange: ikev2
  leftfirewall: 'yes'
  compress: 'no'
  rekey: 'no'
  fragmentation: 'yes'
  forceencaps: 'yes'

The params within vpn_gateway_configs extend/override default connection parameters present above.

vpn_gateway_config_dir: "/etc/ipsec.d/{{ role_name }}"

Defines the custom IPsec configuration directory for isolation purposes.

Tags

Tags can be used to limit the role execution to a particular task module. Following tags are available:

  • vpn_gateway: Covers the full role lifecycle.
  • vpn_gateway_validate, validate: Validates given configuration.
  • vpn_gateway_install, install: Installs required packages.
  • vpn_gateway_config, config: Configures required packages.

Dependencies

None.

Example Playbook

- hosts: all
  roles:
     - nl2go.vpn_gateway

Development

Use docker-molecule following the instructions to run Molecule or install Molecule locally (not recommended, version conflicts might appear).

Provide Hetzner Cloud token:

export HCLOUD_TOKEN=123abc456efg

Use following to run tests:

molecule test --all

Maintainers

License

See the LICENSE.md file for details.

Author Information

This role was created by in 2020 by Newsletter2Go GmbH.

About

An Ansible Role that manages a VPN tunnel setup between two peers based on IPsec / strongSwan and provides gateway related routing configuration.

Topics

ansible ipsec ansible-role gateway vpn

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

5 tags

Packages

 
 
 

Contributors