# Excerpt from an Ansible task file: each line starts with its line number in
# the original file, and the lines between those numbers are not shown.
# Mode check, presumably an entry in an assert/that list (enclosing task not
# shown). default() with no argument yields an empty string, so an undefined
# vpn_mode fails this membership test rather than raising an undefined error.
4 - vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
# vpn_server_ip must be non-empty; the when: below limits that requirement to
# vpc-client mode.
17 - vpn_server_ip|default() != ''
18 when: vpn_mode|default() == 'vpc-client'
# Package installation tasks; the module arguments (package names, versions,
# sources) are not shown in this excerpt.
21 - name: Install packages
# NOTE(review): confirm the pip requirements are pinned to known versions and
# come from the intended index; the arguments are not visible here.
29 - name: Install pip things
# Creates paths under /etc/openvpn, one per loop item (item list not shown).
36 - name: openvpn config directories
42 path: /etc/openvpn/{{ item }}
# Directory that later receives the CA cert, CRL, server cert and key files.
# NOTE(review): owner and mode are not shown; a directory holding private keys
# should not be group- or world-accessible. Confirm.
47 - name: openvpn cert directory
50 path: /etc/openvpn/keys
55 - name: openvpn log directory
58 path: /var/log/openvpn
# Places one file per loop item under the log directory (item list and module
# not shown). NOTE(review): confirm the owner/mode match the user OpenVPN runs
# as and that the logs are not world-readable.
63 - name: openvpn log files
72 dest: /var/log/openvpn/{{ item }}
# Installs a logrotate config matching the server mode. These conditions use
# vpn_mode without default(), unlike the checks at the top of the file, so they
# rely on vpn_mode being defined by the time they run.
77 - name: rotate user logs
78 when: vpn_mode == 'user-server'
80 src: openvpn-user.logrotate
81 dest: /etc/logrotate.d/openvpn-user
86 - name: rotate vpc logs
87 when: vpn_mode == 'vpc-server'
89 src: openvpn-vpc.logrotate
90 dest: /etc/logrotate.d/openvpn-vpc
# NOTE(review): no rotation config is visible for vpc-client mode; confirm
# whether that mode writes logs that need rotating.
# Copies one file per loop item into /etc/openvpn/scripts, only in user-server
# mode (item list, owner and mode not shown).
# NOTE(review): presumably these are hooks executed by OpenVPN; confirm they
# are owned by root and not writable by the unprivileged OpenVPN user.
95 - name: install scripts
96 when: vpn_mode == 'user-server'
102 dest: /etc/openvpn/scripts/{{ item }}
# Generates 4096-bit Diffie-Hellman parameters once per host. The creates:
# argument skips the command whenever dh.pem already exists.
# NOTE(review): creates: only tests that the path exists, not that the file
# holds valid parameters; an empty or truncated dh.pem left by an interrupted
# run would never be regenerated. Confirm this is handled, e.g. by validating
# the file with `openssl dhparam -check` in a separate task.
107 - name: generate dh parameters
108 command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
110 creates: /etc/openvpn/keys/dh.pem
# Loop items for the key material task: CA certificate, CRL, and the
# per-region certificate and private key. Each item carries file, content and
# mode (the mode lines and the key's content line are not shown here).
114 - file: ca.{{ ca_name|lower }}.crt
115 content: "{{ ca_cert }}"
117 - file: crl.{{ ca_name|lower }}.pem
118 content: "{{ crl_pem }}"
120 - file: "{{ vpc_region }}.{{ ca_name|lower }}.crt"
121 content: "{{ cert }}"
# Private key item.
# NOTE(review): confirm its mode is a quoted owner-only value such as "0600".
123 - file: "{{ vpc_region }}.{{ ca_name|lower }}.key"
# Writes each item into /etc/openvpn/keys with the per-item mode.
# NOTE(review): Ansible prints the loop item in task output, which here
# includes the private key content. Confirm the task sets no_log: true or a
# loop_control label limited to item.file.
127 dest: /etc/openvpn/keys/{{ item.file }}
128 content: "{{ item.content }}"
129 mode: "{{ item.mode }}"
# Renders the OpenVPN config from the template named after vpn_mode, writing
# it to /etc/openvpn/<vpc_region>-<vpn_mode>.conf.
# NOTE(review): the template path is built from vpn_mode; this is safe only if
# the membership check at the top of the file runs first. Confirm.
135 - name: configure openvpn
137 src: "{{ vpn_mode }}.conf.j2"
138 dest: /etc/openvpn/{{ vpc_region }}-{{ vpn_mode }}.conf
# Service enablement task; its module arguments are not shown in this excerpt.
145 - name: enable openvpn
# Installs the awslogs agent config for the OpenVPN logs.
# NOTE(review): awslogs.openvpn.conf is not shown; confirm which log files are
# shipped, to which log group, and that its retention and access policy suit
# VPN connection records.
152 - name: configure log shipping
154 src: awslogs.openvpn.conf
155 dest: /etc/awslogs/config/openvpn.conf