nl2go.vpn_gateway

Ansible Role: VPN Gateway

This Ansible Role sets up and manages a VPN tunnel between two peers using IPsec and strongSwan. It also provides routing configuration for the gateway.

Role Variables

Here are the available variables with their default values (found in defaults/main.yml):

  • vpn_gateway_configs: This is where you define the configuration sets. Each entry must include a name, which identifies the connection, and a psk (the pre-shared key the two peers authenticate with).

Example:

vpn_gateway_configs:
  - name: default
    psk: secret

  • To remove a specific gateway configuration, set its state to absent:

vpn_gateway_configs:
  - name: default
    state: absent

  • Connection parameters such as lifetime go in the params section:

vpn_gateway_configs:
  - name: default
    psk: secret
    params:
      lifetime: 8h

  • Define the local and remote peer configurations (public address and the networks behind each peer) like this:

vpn_gateway_configs:
  - name: default
    psk: secret
    local:
      public: 1.1.1.1
      networks:
        - 172.4.0.0/21
    remote:
      public: 1.2.3.4
      networks:
        - 172.240.0.0/21
        - 10.2.0.0/16

  • Default parameters for the VPN connection can be set as follows:

vpn_gateway_default_config_params:
  type: tunnel
  keyingtries: 0
  ikelifetime: 1h
  lifetime: 8h
  dpddelay: 300s
  dpdtimeout: 120
  dpdaction: clear
  authby: secret
  auto: start
  esp: aes256-sha256-modp3072
  ike: aes256-sha256-modp3072
  keyexchange: ikev2
  leftfirewall: 'yes'
  compress: 'no'
  rekey: 'no'
  fragmentation: 'yes'
  forceencaps: 'yes'

  • The directory for custom IPsec configuration can be set as:

vpn_gateway_config_dir: "/etc/ipsec.d/{{ role_name }}"
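The following is an added worked example, not code from the nl2go.vpn_gateway role. It takes one vpn_gateway_configs entry shaped like the examples above, merges it with vpn_gateway_default_config_params, validates it (name present, psk present unless state is absent, peer addresses and networks well-formed), and renders the strongSwan ipsec.conf conn section and ipsec.secrets line that such an entry corresponds to. The function names, the rule that params override the defaults, and the exact rendering layout are assumptions; the role's own templates are not shown in the README. The sample input is constructed from the README's example addresses. (The quoted 'yes'/'no' values in the README defaults keep YAML from turning them into booleans; strongSwan expects the literal strings.)

```python
import ipaddress

# Defaults as listed in the README (vpn_gateway_default_config_params).
DEFAULT_PARAMS = {
    "type": "tunnel", "keyingtries": 0, "ikelifetime": "1h", "lifetime": "8h",
    "dpddelay": "300s", "dpdtimeout": 120, "dpdaction": "clear",
    "authby": "secret", "auto": "start",
    "esp": "aes256-sha256-modp3072", "ike": "aes256-sha256-modp3072",
    "keyexchange": "ikev2", "leftfirewall": "yes", "compress": "no",
    "rekey": "no", "fragmentation": "yes", "forceencaps": "yes",
}


def validate_config(cfg):
    """Return a list of problems with one vpn_gateway_configs entry.

    An empty list means the entry is usable. Hypothetical helper: the role's
    own 'validate' tasks are not shown on the page.
    """
    problems = []
    if not cfg.get("name"):
        problems.append("missing name")
    if cfg.get("state", "present") == "absent":
        return problems  # removing a connection needs only its name
    if not cfg.get("psk"):
        problems.append("missing psk")
    for side in ("local", "remote"):
        peer = cfg.get(side, {})
        try:
            ipaddress.ip_address(peer.get("public", ""))
        except ValueError:
            problems.append(f"{side}.public is not an IP address")
        for net in peer.get("networks", []):
            try:
                # strict=True rejects host bits set in the prefix (e.g. 10.0.0.1/8)
                ipaddress.ip_network(net, strict=True)
            except ValueError:
                problems.append(f"{side} network {net!r} is not a valid CIDR")
    return problems


def merged_params(cfg, defaults=DEFAULT_PARAMS):
    """Assumed merge rule: per-entry params override the role-wide defaults."""
    params = dict(defaults)
    params.update(cfg.get("params", {}))
    return params


def render_conn(cfg):
    """Render an ipsec.conf 'conn' section (assumed layout, see lead-in)."""
    params = merged_params(cfg)
    lines = [
        f"conn {cfg['name']}",
        f"    left={cfg['local']['public']}",
        f"    leftsubnet={','.join(cfg['local']['networks'])}",
        f"    right={cfg['remote']['public']}",
        f"    rightsubnet={','.join(cfg['remote']['networks'])}",
    ]
    lines.extend(f"    {key}={params[key]}" for key in sorted(params))
    return "\n".join(lines) + "\n"


def render_secret(cfg):
    """Render the ipsec.secrets PSK line for the two peer addresses."""
    return f'{cfg["local"]["public"]} {cfg["remote"]["public"]} : PSK "{cfg["psk"]}"\n'


# Constructed sample input reusing the README's example values, with a
# per-entry lifetime override in the params section.
SAMPLE_CONFIG = {
    "name": "default",
    "psk": "secret",
    "params": {"lifetime": "4h"},
    "local": {"public": "1.1.1.1", "networks": ["172.4.0.0/21"]},
    "remote": {"public": "1.2.3.4", "networks": ["172.240.0.0/21", "10.2.0.0/16"]},
}

if __name__ == "__main__":
    for cfg in (SAMPLE_CONFIG, {"name": "old", "state": "absent"}, {"name": "broken"}):
        problems = validate_config(cfg)
        print(f"{cfg['name']}: {'ok' if not problems else problems}")
    print(render_conn(SAMPLE_CONFIG))
    print(render_secret(SAMPLE_CONFIG), end="")
```

In a real playbook the psk would come from Ansible Vault rather than a plain variables file, and the rendered ipsec.secrets line belongs in a root-only (0600) file, which is how strongSwan expects it.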

Tags

You can use tags to limit which tasks are executed in this role. Here are the available tags:

  • vpn_gateway: Manages the entire role lifecycle.
  • vpn_gateway_validate, validate: Checks the configuration.
  • vpn_gateway_install, install: Installs necessary packages.
  • vpn_gateway_config, config: Configures the required packages.

Dependencies

This role has no dependencies.

Example Playbook

Here’s how you can use this role in a playbook:

- hosts: all
  roles:
    - nl2go.vpn_gateway

Development

Follow the instructions for docker-molecule to use Molecule for testing. It’s also possible to install Molecule locally (though not recommended due to potential version conflicts).

You need to provide a Hetzner Cloud token like this:

export HCLOUD_TOKEN=123abc456efg

Run the tests with:

molecule test --all

Maintainers

License

Check the LICENSE.md file for details.

Author Information

This role was created in 2020 by Newsletter2Go GmbH.

Project information

Manages a VPN tunnel setup between two peers based on IPsec/strongSwan and provides gateway related routing configuration.

Install
ansible-galaxy install nl2go.vpn_gateway
License
mit