fix what was here, script runs now

8 years ago · 041c6da9b0
parent e8993b06dd
commit 041c6da9b0
3 changed files with 10 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+*.retry
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -2,13 +2,15 @@
 - name: Install StrongSwan
  apt: name=strongswan state=latest update_cache=yes

- name: Modify sysctl values to route traffic appropriately
-  sysctl:
-  - name=net.ipv4.ip_forwarding value=1
-  - name=net.ipv4.conf.all.accept_redirects value=0
-  - name=net.ipv4.conf.all.send_redirects value=0
+- name: Enable packet forwarding for IPv4
+  sysctl: name=net.ipv4.ip_forward value=1
+
+- name: Do not accept ICMP redirects (prevent MITM attacks)
+  sysctl: name=net.ipv4.conf.all.accept_redirects value=0
+
+- name: Do not accept ICMP redirects (prevent MITM attacks)
+  sysctl: name=net.ipv4.conf.all.send_redirects value=0

 - name: Configure IPTables to route traffic appropriately
-  iptables:
-  - table=nat chain=POSTROUTING src=10.0.0.0/24 dst=10.0.0.0/24 jump=MASQUERADE
+  iptables: table=nat chain=POSTROUTING source=10.0.0.0/24 out_interface=eth0 jump=MASQUERADE

--- a/vpn.yml
+++ b/vpn.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Install StrongSwan and its dependencies
  hosts: vpn
  roles: