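---
# Client-side strongSwan setup: installs the packages, renders the per-server
# ipsec config and secrets files, includes them from the main ipsec files, and
# installs the user certificate, the CA certificate and the user's private key.
# The "restart strongswan" handler notified below is defined outside this file.

- name: Gather Facts
  setup:

- name: Include system based facts and tasks
  import_tasks: systems/main.yml

# Retried because package installation can fail transiently.
- name: Install prerequisites
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - "{{ prerequisites }}"
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

- name: Install strongSwan
  package:
    name: strongswan
    state: present
  register: result
  until: result is succeeded
  retries: 10
  delay: 3

- name: Setup the ipsec config
  template:
    src: roles/strongswan/templates/client_ipsec.conf.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.conf"
    mode: "0644"
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

# The secrets file is kept readable by its owner only.
- name: Setup the ipsec secrets
  template:
    src: roles/strongswan/templates/client_ipsec.secrets.j2
    dest: "{{ configs_prefix }}/ipsec.{{ IP_subject_alt_name }}.secrets"
    mode: "0600"
  with_items:
    - "{{ vpn_user }}"
  notify:
    - restart strongswan

# create: true means these files may be created here, so the mode is set
# explicitly instead of being left to the umask. The modes mirror the ones
# used above for the per-server config (0644) and secrets (0600) files.
- name: Include additional ipsec config
  lineinfile:
    dest: "{{ item.dest }}"
    line: "{{ item.line }}"
    mode: "{{ item.mode }}"
    create: true
  with_items:
    - dest: "{{ configs_prefix }}/ipsec.conf"
      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
      mode: "0644"
    - dest: "{{ configs_prefix }}/ipsec.secrets"
      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
      mode: "0600"
  notify:
    - restart strongswan

# NOTE(review): the contents of libstrongswan-relax-constraints.conf are not
# visible here; going by the task name it loosens CA constraint checking in
# libstrongswan. Confirm it is still required and record why.
- name: Configure libstrongswan to relax CA constraints
  copy:
    src: libstrongswan-relax-constraints.conf
    dest: "{{ configs_prefix }}/strongswan.d/relax-ca-constraints.conf"
    owner: root
    group: root
    # Quoted so the mode is passed as a string, like the other tasks here.
    mode: "0644"

# Each item carries its own mode: without one the private key would be written
# with whatever the umask allows, which is usually readable by other local
# users. Certificates are public material and stay at 0644.
# diff is turned off so a --diff run does not print the private key.
- name: Setup the certificates and keys
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  diff: false
  with_items:
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/certs/{{ vpn_user }}.crt"
      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
      mode: "0644"
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/cacert.pem"
      dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
      mode: "0644"
    - src: "configs/{{ IP_subject_alt_name }}/ipsec/.pki/private/{{ vpn_user }}.key"
      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
      mode: "0600"
  notify:
    - restart strongswan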