algo/roles/client/tasks/main.yml

- name: Gather Facts
  setup:

- name: Include system based facts and tasks
  import_tasks: systems/main.yml

- name: Install prerequisites
  package: name="{{ item }}" state=present
  with_items:
    - "{{ prerequisites }}"
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

- name: Install strongSwan
  package: name=strongswan state=present
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

- name: Setup the ipsec config
  template:
    src: "roles/strongswan/templates/client_ipsec.conf.j2"
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
    mode: '0644'
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

- name: Setup the ipsec secrets
  template:
    src: "roles/strongswan/templates/client_ipsec.secrets.j2"
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
    mode: '0600'
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

- name: Include additional ipsec config
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    create: yes
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
    - dest: "{{ configs_prefix }}/ipsec.secrets"
      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
  notify:
    - restart strongswan

- name: Configure libstrongswan to relax CA constraints
  copy:
    src: libstrongswan-relax-constraints.conf
    dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf"
    owner: root
    group: root
    mode: 0644

- name: Setup the certificates and keys
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
  notify:
    - restart strongswan
Linux clients installation vpn #44 7 years ago			`- name: Gather Facts`
			`setup:`

			`- name: Include system based facts and tasks`
Large refactor to support Ansible 2.5 (#976) * Refactoring, booleans declaration and update users fix * Make server_name more FQDN compatible * Rename variables * Define the default value for store_cakey * Skip a prompt about the SSH user if deploying to localhost * Disable reboot for non-cloud deployments * Enable EC2 volume encryption by default * Add default server value (localhost) for the local installation Delete empty files * Add default region to aws_region_facts * Update docs * EC2 credentials fix * Warnings fix * Update deploy-from-ansible.md * Fix a typo * Remove lightsail from the docs * Disable EC2 encryption by default * rename droplet to server * Disable dependencies * Disable tls_cipher_suite * Convert wifi-exclude to a string. Update-users fix * SSH access congrats fix * 16.04 > 18.04 * Dont ask for the credentials if specified in the environment vars * GCE server name fix 6 years ago			`import_tasks: systems/main.yml`
Linux clients installation vpn #44 7 years ago
			`- name: Install prerequisites`
			`package: name="{{ item }}" state=present`
			`with_items:`
			`- "{{ prerequisites }}"`
Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 5 years ago			`register: result`
			`until: result is succeeded`
			`retries: 10`
			`delay: 3`
Linux clients installation vpn #44 7 years ago
Minor name and documentation edits (#327) 7 years ago			`- name: Install strongSwan`
Linux clients installation vpn #44 7 years ago			`package: name=strongswan state=present`
Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 5 years ago			`register: result`
			`until: result is succeeded`
			`retries: 10`
			`delay: 3`
Linux clients installation vpn #44 7 years ago
			`- name: Setup the ipsec config`
			`template:`
Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 5 years ago			`src: "roles/strongswan/templates/client_ipsec.conf.j2"`
Linux clients installation vpn #44 7 years ago			`dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"`
			`mode: '0644'`
			`with_items:`
Some fixes. Fedora client. Close #44 7 years ago			`- "{{ vpn_user }}"`
Linux clients installation vpn #44 7 years ago			`notify:`
			`- restart strongswan`

			`- name: Setup the ipsec secrets`
			`template:`
Refactoring, Linting and additional tests (#1397) * Refactoring, Linting and additional tests * Vultr: Undefined variable and deprecation notes fix * Travis-CI enable linters * Azure: Update python requirements * Update main.yml * Update install.sh * Add missing roles to ansible-lint * Linting for skipped roles * add .ansible-lint config 5 years ago			`src: "roles/strongswan/templates/client_ipsec.secrets.j2"`
Linux clients installation vpn #44 7 years ago			`dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"`
			`mode: '0600'`
			`with_items:`
Some fixes. Fedora client. Close #44 7 years ago			`- "{{ vpn_user }}"`
Linux clients installation vpn #44 7 years ago			`notify:`
			`- restart strongswan`

			`- name: Include additional ipsec config`
			`lineinfile:`
			`dest: "{{ item.dest }}"`
			`line: "{{ item.line }}"`
			`create: yes`
			`with_items:`
			`- dest: "{{ configs_prefix }}/ipsec.conf"`
client fixes (#605) 7 years ago			`line: "include ipsec.{{ IP_subject_alt_name }}.conf"`
Linux clients installation vpn #44 7 years ago			`- dest: "{{ configs_prefix }}/ipsec.secrets"`
client fixes (#605) 7 years ago			`line: "include ipsec.{{ IP_subject_alt_name }}.secrets"`
Linux clients installation vpn #44 7 years ago			`notify:`
			`- restart strongswan`

relax CA constraints for client (the client equivalent of PR #1675) (#1768) * relax CA constraints for client (the client equivalent of PR #1675) * fixing incorrectly hard-coded output file path 4 years ago			`- name: Configure libstrongswan to relax CA constraints`
			`copy:`
			`src: libstrongswan-relax-constraints.conf`
			`dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf"`
			`owner: root`
			`group: root`
			`mode: 0644`

Linux clients installation vpn #44 7 years ago			`- name: Setup the certificates and keys`
			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`with_items:`
Refactoring (#1334) <!--- Provide a general summary of your changes in the Title above --> ## Description Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162 Configures Ansible to use python3 on the server side. Closes #1024 Removes unneeded playbooks, reorganises a lot of variables Reorganises the `config` folder. Closes #1330 <details><summary>Here is how the config directory looks like now</summary> <p> ``` configs/X.X.X.X/ \|-- ipsec \| \|-- apple \| \| \|-- desktop.mobileconfig \| \| \|-- laptop.mobileconfig \| \| `-- phone.mobileconfig \| \|-- manual \| \| \|-- cacert.pem \| \| \|-- desktop.p12 \| \| \|-- desktop.ssh.pem \| \| \|-- ipsec_desktop.conf \| \| \|-- ipsec_desktop.secrets \| \| \|-- ipsec_laptop.conf \| \| \|-- ipsec_laptop.secrets \| \| \|-- ipsec_phone.conf \| \| \|-- ipsec_phone.secrets \| \| \|-- laptop.p12 \| \| \|-- laptop.ssh.pem \| \| \|-- phone.p12 \| \| `-- phone.ssh.pem \| `-- windows \| \|-- desktop.ps1 \| \|-- laptop.ps1 \| `-- phone.ps1 \|-- ssh-tunnel \| \|-- desktop.pem \| \|-- desktop.pub \| \|-- laptop.pem \| \|-- laptop.pub \| \|-- phone.pem \| \|-- phone.pub \| `-- ssh_config `-- wireguard \|-- desktop.conf \|-- desktop.png \|-- laptop.conf \|-- laptop.png \|-- phone.conf `-- phone.png ``` ![finder](https://i.imgur.com/FtOmKO0.png) </p> </details> ## Motivation and Context This refactoring is focused to aim to the 1.0 release ## How Has This Been Tested? Deployed to several cloud providers with various options enabled and disabled ## Types of changes <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [x] Refactoring ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I have read the CONTRIBUTING document. - [x] My code follows the code style of this project. - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed. 5 years ago			`- src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"`
client fixes (#605) 7 years ago			`dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"`
Refactoring (#1334) <!--- Provide a general summary of your changes in the Title above --> ## Description Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162 Configures Ansible to use python3 on the server side. Closes #1024 Removes unneeded playbooks, reorganises a lot of variables Reorganises the `config` folder. Closes #1330 <details><summary>Here is how the config directory looks like now</summary> <p> ``` configs/X.X.X.X/ \|-- ipsec \| \|-- apple \| \| \|-- desktop.mobileconfig \| \| \|-- laptop.mobileconfig \| \| `-- phone.mobileconfig \| \|-- manual \| \| \|-- cacert.pem \| \| \|-- desktop.p12 \| \| \|-- desktop.ssh.pem \| \| \|-- ipsec_desktop.conf \| \| \|-- ipsec_desktop.secrets \| \| \|-- ipsec_laptop.conf \| \| \|-- ipsec_laptop.secrets \| \| \|-- ipsec_phone.conf \| \| \|-- ipsec_phone.secrets \| \| \|-- laptop.p12 \| \| \|-- laptop.ssh.pem \| \| \|-- phone.p12 \| \| `-- phone.ssh.pem \| `-- windows \| \|-- desktop.ps1 \| \|-- laptop.ps1 \| `-- phone.ps1 \|-- ssh-tunnel \| \|-- desktop.pem \| \|-- desktop.pub \| \|-- laptop.pem \| \|-- laptop.pub \| \|-- phone.pem \| \|-- phone.pub \| `-- ssh_config `-- wireguard \|-- desktop.conf \|-- desktop.png \|-- laptop.conf \|-- laptop.png \|-- phone.conf `-- phone.png ``` ![finder](https://i.imgur.com/FtOmKO0.png) </p> </details> ## Motivation and Context This refactoring is focused to aim to the 1.0 release ## How Has This Been Tested? Deployed to several cloud providers with various options enabled and disabled ## Types of changes <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [x] Refactoring ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I have read the CONTRIBUTING document. - [x] My code follows the code style of this project. - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed. 5 years ago			`- src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"`
Linux clients installation vpn #44 7 years ago			`dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"`
Refactoring (#1334) <!--- Provide a general summary of your changes in the Title above --> ## Description Renames the vpn role to strongswan, and split up the variables to support 2 separate VPNs. Closes #1330 and closes #1162 Configures Ansible to use python3 on the server side. Closes #1024 Removes unneeded playbooks, reorganises a lot of variables Reorganises the `config` folder. Closes #1330 <details><summary>Here is how the config directory looks like now</summary> <p> ``` configs/X.X.X.X/ \|-- ipsec \| \|-- apple \| \| \|-- desktop.mobileconfig \| \| \|-- laptop.mobileconfig \| \| `-- phone.mobileconfig \| \|-- manual \| \| \|-- cacert.pem \| \| \|-- desktop.p12 \| \| \|-- desktop.ssh.pem \| \| \|-- ipsec_desktop.conf \| \| \|-- ipsec_desktop.secrets \| \| \|-- ipsec_laptop.conf \| \| \|-- ipsec_laptop.secrets \| \| \|-- ipsec_phone.conf \| \| \|-- ipsec_phone.secrets \| \| \|-- laptop.p12 \| \| \|-- laptop.ssh.pem \| \| \|-- phone.p12 \| \| `-- phone.ssh.pem \| `-- windows \| \|-- desktop.ps1 \| \|-- laptop.ps1 \| `-- phone.ps1 \|-- ssh-tunnel \| \|-- desktop.pem \| \|-- desktop.pub \| \|-- laptop.pem \| \|-- laptop.pub \| \|-- phone.pem \| \|-- phone.pub \| `-- ssh_config `-- wireguard \|-- desktop.conf \|-- desktop.png \|-- laptop.conf \|-- laptop.png \|-- phone.conf `-- phone.png ``` ![finder](https://i.imgur.com/FtOmKO0.png) </p> </details> ## Motivation and Context This refactoring is focused to aim to the 1.0 release ## How Has This Been Tested? Deployed to several cloud providers with various options enabled and disabled ## Types of changes <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: --> - [x] Refactoring ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] I have read the CONTRIBUTING document. - [x] My code follows the code style of this project. - [x] My change requires a change to the documentation. - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed. 5 years ago			`- src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"`
client fixes (#605) 7 years ago			`dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"`
Linux clients installation vpn #44 7 years ago			`notify:`
			`- restart strongswan`