|
|
|
@ -24,21 +24,6 @@
|
|
|
|
|
- strongswan
|
|
|
|
|
- netfilter-persistent
|
|
|
|
|
|
|
|
|
|
- name: Ubuntu | Configure iptables so IPSec traffic can traverse the tunnel
|
|
|
|
|
iptables: table=nat chain=POSTROUTING source="{{ vpn_network }}" jump=MASQUERADE
|
|
|
|
|
when: (security_enabled is not defined) or
|
|
|
|
|
(security_enabled is defined and security_enabled != "y")
|
|
|
|
|
notify:
|
|
|
|
|
- save iptables
|
|
|
|
|
|
|
|
|
|
- name: Ubuntu | Configure ip6tables so IPSec traffic can traverse the tunnel
|
|
|
|
|
iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
|
|
|
|
|
when: ((security_enabled is not defined) or
|
|
|
|
|
(security_enabled is defined and security_enabled != "y")) and
|
|
|
|
|
ipv6_support is defined and ipv6_support == "yes"
|
|
|
|
|
notify:
|
|
|
|
|
- save iptables
|
|
|
|
|
|
|
|
|
|
- name: Ubuntu | Ensure that the strongswan service directory exist
|
|
|
|
|
file: path=/etc/systemd/system/strongswan.service.d/ state=directory mode=0755 owner=root group=root
|
|
|
|
|
|
|
|
|
|