- name: Gather Facts setup: - name: Include system based facts and tasks import_tasks: systems/main.yml - name: Install prerequisites package: name="{{ item }}" state=present with_items: - "{{ prerequisites }}" register: result until: result is succeeded retries: 10 delay: 3 - name: Install strongSwan package: name=strongswan state=present register: result until: result is succeeded retries: 10 delay: 3 - name: Setup the ipsec config template: src: "roles/strongswan/templates/client_ipsec.conf.j2" dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf" mode: '0644' with_items: - "{{ vpn_user }}" notify: - restart strongswan - name: Setup the ipsec secrets template: src: "roles/strongswan/templates/client_ipsec.secrets.j2" dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets" mode: '0600' with_items: - "{{ vpn_user }}" notify: - restart strongswan - name: Include additional ipsec config lineinfile: dest: "{{ item.dest }}" line: "{{ item.line }}" create: yes with_items: - dest: "{{ configs_prefix }}/ipsec.conf" line: "include ipsec.{{ IP_subject_alt_name }}.conf" - dest: "{{ configs_prefix }}/ipsec.secrets" line: "include ipsec.{{ IP_subject_alt_name }}.secrets" notify: - restart strongswan - name: Configure libstrongswan to relax CA constraints copy: src: libstrongswan-relax-constraints.conf dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf" owner: root group: root mode: 0644 - name: Setup the certificates and keys template: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt" dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt" - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem" dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem" - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key" dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key" notify: - restart strongswan