From b6ad3256154f306c1965fe7805ed50a0c720db22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Vi=C3=B1ar=20Ulriksen?= Date: Thu, 14 May 2020 19:32:37 -0300 Subject: [PATCH 1/4] Ensure ip_forward when deploying with th role. Closes #159 --- tasks/system/forwarding.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/system/forwarding.yml b/tasks/system/forwarding.yml index 8d1a73a..f047951 100644 --- a/tasks/system/forwarding.yml +++ b/tasks/system/forwarding.yml @@ -7,7 +7,7 @@ sysctl_set: true state: present reload: true - when: not lookup('env', 'IN_MOLECULE') | d(true, true) | bool + when: ( not lookup('env', 'IN_MOLECULE') ) | d(true, true) | bool - name: Set IPv6 forwarding in the sysctl file and reload if necessary sysctl: @@ -17,5 +17,5 @@ state: present reload: true when: - not lookup('env', 'IN_MOLECULE') | d(true, true) | bool + ( not lookup('env', 'IN_MOLECULE') ) | d(true, true) | bool and openvpn_ipv6_server is defined From e6ffe338a572783918f43bb8dd4cda9f4c97cc92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Vi=C3=B1ar=20Ulriksen?= Date: Thu, 14 May 2020 21:37:09 -0300 Subject: [PATCH 2/4] Delete unuseful file. Closes #3 --- tasks/configure.yml | 61 --------------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 tasks/configure.yml diff --git a/tasks/configure.yml b/tasks/configure.yml deleted file mode 100644 index a1cb872..0000000 --- a/tasks/configure.yml +++ /dev/null 
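Review bot: Wrapping `not lookup('env', 'IN_MOLECULE')` in parentheses before `| d(true, true)` makes this `when` true in every case, because `d(..., true)` replaces any falsy result of the `not` with `true`. The IPv4 sysctl task therefore also runs when IN_MOLECULE is set, and the IPv6 task's `when` in the second hunk has the same form. Jinja2 applies filters before `not`, so the default belongs on the lookup itself: `when: not lookup('env', 'IN_MOLECULE') | d(false, true) | bool`. Both task bodies start above their hunks.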
@@ -1,61 +0,0 @@ ---- - -- name: Setup PAM - template: - src: openvpn.pam.j2 - dest: /etc/pam.d/openvpn - when: openvpn_use_pam | bool - -- name: Configure users - htpasswd: - path: "{{ openvpn_etcdir }}/users" - name: "{{ item.name }}" - password: "{{ item.password }}" - crypt_scheme: des_crypt - loop: "{{ openvpn_use_pam_users }}" - -- name: Setup LDAP - template: - src: auth-ldap.conf.j2 - dest: /etc/openvpn/auth-ldap.conf - when: openvpn_use_ldap | bool - -- name: Setup simple authentication - template: - src: auth-client.sh.j2 - dest: "{{ openvpn_etcdir }}/auth-client.sh" - mode: 0o755 - when: - - openvpn_simple_auth | bool - - openvpn_simple_auth_password | bool - notify: openvpn restart - -- name: Configure server - template: - src: server.conf.j2 - dest: "{{ openvpn_etcdir }}/server.conf" - notify: openvpn restart - -- name: Ensure openvpn key dir has the right permission - file: - path: "{{ openvpn_keydir }}" - state: directory - mode: 0o700 - owner: "{{ openvpn_user }}" - -- name: Set IPv4 forwarding in the sysctl file and reload if necessary - sysctl: - name: net.ipv4.ip_forward - value: '1' - sysctl_set: true - state: present - reload: true - -- name: Set IPv6 forwarding in the sysctl file and reload if necessary - sysctl: - name: net.ipv6.conf.all.forwarding - value: '1' - sysctl_set: true - state: present - reload: true - when: openvpn_ipv6_server is defined From a38d42b80a15491e87587748c99edcd3cfb540f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Vi=C3=B1ar=20Ulriksen?= Date: Fri, 15 May 2020 09:03:40 -0300 Subject: [PATCH 3/4] Fixes not ip_forward when testing with molecule. See #159 --- tasks/system/forwarding.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/system/forwarding.yml b/tasks/system/forwarding.yml index f047951..e059727 100644 --- a/tasks/system/forwarding.yml +++ b/tasks/system/forwarding.yml 
@@ -7,7 +7,7 @@ sysctl_set: true state: present reload: true - when: ( not lookup('env', 'IN_MOLECULE') ) | d(true, true) | bool + when: not ( lookup('env', 'IN_MOLECULE') ) | d(true, true) ) | bool - name: Set IPv6 forwarding in the sysctl file and reload if necessary sysctl: @@ -17,5 +17,5 @@ state: present reload: true when: - ( not lookup('env', 'IN_MOLECULE') ) | d(true, true) | bool + not ( lookup('env', 'IN_MOLECULE') | d(true, true) ) | bool and openvpn_ipv6_server is defined From a54ed125acffe5f03c3e49eb543c92c4e89bdce3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Vi=C3=B1ar=20Ulriksen?= Date: Sat, 16 May 2020 08:45:55 -0300 Subject: [PATCH 4/4] 2d fix for #159 --- tasks/system/forwarding.yml | 4 ++-- templates/server.conf.j2 | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tasks/system/forwarding.yml b/tasks/system/forwarding.yml index e059727..c624353 100644 --- a/tasks/system/forwarding.yml +++ b/tasks/system/forwarding.yml @@ -7,7 +7,7 @@ sysctl_set: true state: present reload: true - when: not ( lookup('env', 'IN_MOLECULE') ) | d(true, true) ) | bool + when: not lookup('env', 'IN_MOLECULE') | d(false, true) | bool - name: Set IPv6 forwarding in the sysctl file and reload if necessary sysctl: @@ -17,5 +17,5 @@ state: present reload: true when: - not ( lookup('env', 'IN_MOLECULE') | d(true, true) ) | bool + not lookup('env', 'IN_MOLECULE') | d(false, true) | bool and openvpn_ipv6_server is defined diff --git a/templates/server.conf.j2 b/templates/server.conf.j2 index 99a282d..ca52b05 100644 --- a/templates/server.conf.j2 +++ b/templates/server.conf.j2 @@ -14,9 +14,6 @@ port {{ openvpn_port }} # TCP or UDP server? proto {{ openvpn_proto }} -{% if openvpn_ipv6_enabled %} -proto {{ openvpn_proto }}6 -{% endif %} {% if openvpn_ipv6_enabled | bool %} proto {{ openvpn_proto }}6
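Review bot: The new IPv4 condition in PATCH 3/4, `not ( lookup('env', 'IN_MOLECULE') ) | d(true, true) ) | bool`, closes one more parenthesis than it opens, so it should fail to template when the task is evaluated. The IPv6 hunk is balanced, but `d(true, true)` supplies `true` whenever IN_MOLECULE is unset and the `not` then inverts it, so forwarding would be skipped on an ordinary deploy. The default passed to `d()` needs to be `false` and the stray `)` removed for this commit to work on its own. Both task bodies start above their hunks.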
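Review bot: Nothing in either forwarding task of PATCH 4/4 says that the `when` reads IN_MOLECULE from the environment of the machine running Ansible. A truthy value left in an operator's or CI shell would skip the forwarding sysctls on a real deploy without any message. A comment above each `when` would make that visible, for example `# Skipped when IN_MOLECULE is truthy in the controller's environment (Molecule test runs)`. In the IPv6 hunk the multi-line `when` would be clearer as a list of two conditions, `- not lookup('env', 'IN_MOLECULE') | d(false, true) | bool` and `- openvpn_ipv6_server is defined`, which removes the reliance on `not`/`and` precedence. Both task bodies begin outside the hunks.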