From 5383c714991819fef58742554fb2266e4d4fa180 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <e601809@gmail.com>
Date: Thu, 3 Nov 2016 17:21:18 +0300
Subject: [PATCH] Fixed #108

---
 roles/vpn/tasks/main.yml            |  4 +++-
 roles/vpn/templates/mobileconfig.j2 | 20 ++++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index fbe4b94..6fff583 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -170,6 +170,9 @@
 - name: Set facts for mobileconfigs
   set_fact:
     proxy_enabled: false
+    pkcs12_PayloadCertificateUUID: "{{ 900000 | random | to_uuid | upper }}"
+    VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
+    CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
 
 - name: Build the mobileconfigs
   template: src=mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}.mobileconfig mode=0600
@@ -224,4 +227,3 @@
 
 - include: iptables.yml
   tags: iptables
-
diff --git a/roles/vpn/templates/mobileconfig.j2 b/roles/vpn/templates/mobileconfig.j2
index 5714839..762848a 100644
--- a/roles/vpn/templates/mobileconfig.j2
+++ b/roles/vpn/templates/mobileconfig.j2
@@ -44,7 +44,7 @@
                 <key>LocalIdentifier</key>
                 <string>{{ item.0 }}</string>
                 <key>PayloadCertificateUUID</key>
-                <string>1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+                <string>{{ pkcs12_PayloadCertificateUUID }}</string>
                 <key>CertificateType</key>
                 <string>ECDSA256</string>
                 <key>ServerCertificateIssuerCommonName</key>
@@ -66,11 +66,11 @@
             <key>PayloadDisplayName</key>
             <string>VPN</string>
             <key>PayloadIdentifier</key>
-            <string>com.apple.vpn.managed.D247A30B-6023-4C8E-B3E3-FF1910A65E53</string>
+            <string>com.apple.vpn.managed.{{ VPN_PayloadIdentifier }}</string>
             <key>PayloadType</key>
             <string>com.apple.vpn.managed</string>
             <key>PayloadUUID</key>
-            <string>D247A30B-6023-4C8E-B3E3-FF1910A65E53</string>
+            <string>{{ VPN_PayloadIdentifier }}</string>
             <key>PayloadVersion</key>
             <real>1</real>
             <key>Proxies</key>
@@ -111,11 +111,11 @@
             <key>PayloadDisplayName</key>
             <string>{{ item.0 }}.p12</string>
             <key>PayloadIdentifier</key>
-            <string>com.apple.security.pkcs12.1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+            <string>com.apple.security.pkcs12.{{ pkcs12_PayloadCertificateUUID }}</string>
             <key>PayloadType</key>
             <string>com.apple.security.pkcs12</string>
             <key>PayloadUUID</key>
-            <string>1FB2907D-14D3-4BAB-A472-B304F4B7F7D9</string>
+            <string>{{ pkcs12_PayloadCertificateUUID }}</string>
             <key>PayloadVersion</key>
             <integer>1</integer>
         </dict>
@@ -131,11 +131,11 @@
             <key>PayloadDisplayName</key>
             <string>{{ IP_subject_alt_name }}</string>
             <key>PayloadIdentifier</key>
-            <string>com.apple.security.root.32EA3AAA-D19E-43EF-B357-608218745A38</string>
+            <string>com.apple.security.root.{{ CA_PayloadIdentifier }}</string>
             <key>PayloadType</key>
             <string>com.apple.security.root</string>
             <key>PayloadUUID</key>
-            <string>32EA3AAA-D19E-43EF-B357-608218745A38</string>
+            <string>{{ CA_PayloadIdentifier }}</string>
             <key>PayloadVersion</key>
             <integer>1</integer>
         </dict>
@@ -148,16 +148,16 @@
 {% endif %}
     <key>PayloadIdentifier</key>
 {% if proxy_enabled is defined and proxy_enabled == true %}
-    <string>donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BA</string>
+    <string>donut.local.{{ 600000 | random | to_uuid | upper }}</string>
   {% else %}
-    <string>donut.local.37CA79B1-FC6A-421F-960A-90F91FC983BE</string>
+    <string>donut.local.{{ 500000 | random | to_uuid | upper }}</string>
 {% endif %}
     <key>PayloadRemovalDisallowed</key>
     <false/>
     <key>PayloadType</key>
     <string>Configuration</string>
     <key>PayloadUUID</key>
-    <string>743B04A8-5725-45A2-B1BB-836F8C16DB0A</string>
+    <string>{{ 400000 | random | to_uuid | upper }}</string>
     <key>PayloadVersion</key>
     <integer>1</integer>
 </dict>