|
|
|
@ -2,13 +2,15 @@
|
|
|
|
|
- name: Install StrongSwan
|
|
|
|
|
apt: name=strongswan state=latest update_cache=yes
|
|
|
|
|
|
|
|
|
|
- name: Modify sysctl values to route traffic appropriately
|
|
|
|
|
sysctl:
|
|
|
|
|
- name=net.ipv4.ip_forwarding value=1
|
|
|
|
|
- name=net.ipv4.conf.all.accept_redirects value=0
|
|
|
|
|
- name=net.ipv4.conf.all.send_redirects value=0
|
|
|
|
|
- name: Enable packet forwarding for IPv4
|
|
|
|
|
sysctl: name=net.ipv4.ip_forward value=1
|
|
|
|
|
|
|
|
|
|
- name: Do not accept ICMP redirects (prevent MITM attacks)
|
|
|
|
|
sysctl: name=net.ipv4.conf.all.accept_redirects value=0
|
|
|
|
|
|
|
|
|
|
- name: Do not accept ICMP redirects (prevent MITM attacks)
|
|
|
|
|
sysctl: name=net.ipv4.conf.all.send_redirects value=0
|
|
|
|
|
|
|
|
|
|
- name: Configure IPTables to route traffic appropriately
|
|
|
|
|
iptables:
|
|
|
|
|
- table=nat chain=POSTROUTING src=10.0.0.0/24 dst=10.0.0.0/24 jump=MASQUERADE
|
|
|
|
|
iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE
|
|
|
|
|
|
|
|
|
|