# NOTE(review): this is an excerpt. The leading number on each line is the
# original file's line number, and the lines in between are not shown.
#
# Precondition checks (presumably entries of an assert `that:` list; confirm).
# vpn_mode must be one of the three supported modes. default() turns an
# undefined variable into '' so the membership test fails cleanly.
4 - vpn_mode|default() in ('user-server', 'vpc-server', 'vpc-client')
# vpn_server_ip must be non-empty; the `when:` below limits this check to
# vpc-client mode.
17 - vpn_server_ip|default() != ''
18 when: vpn_mode|default() == 'vpc-client'
# Package installation. The module arguments are not visible in this excerpt.
# NOTE(review): confirm the package and pip requirements are version-pinned and
# come from a trusted index.
21 - name: Install packages
29 - name: Install pip things
# Creates one directory under /etc/openvpn per loop item. The item list, owner
# and mode are not visible here.
36 - name: openvpn config directories
42 path: /etc/openvpn/{{ item }}
# Directory that later tasks fill with the DH parameters and certificate/key
# files.
# NOTE(review): the mode is not visible; confirm it is root-owned and not
# group/world accessible (e.g. "0700"), since a private key is written here.
47 - name: openvpn cert directory
50 path: /etc/openvpn/keys
# Log directory and the per-item log files inside it.
# NOTE(review): owner/mode are not visible; confirm the logs are not
# world-readable.
55 - name: openvpn log directory
58 path: /var/log/openvpn
63 - name: openvpn log files
71 path: /var/log/openvpn/{{ item }}
# Scripts are installed only in user-server mode.
# NOTE(review): this `when:` reads vpn_mode without default(), unlike lines 4
# and 18, so it relies on the earlier check having rejected an undefined value.
# NOTE(review): presumably these scripts are run by openvpn; confirm they are
# root-owned and not writable by the account the daemon runs as.
76 - name: install scripts
77 when: vpn_mode == 'user-server'
83 dest: /etc/openvpn/scripts/{{ item }}
# Generates 4096-bit Diffie-Hellman parameters into the keys directory.
# `creates` makes the command module skip the task once dh.pem exists, so the
# slow generation runs only on the first play and an existing file is never
# regenerated.
# DH parameters are not secret, but they should not be writable by non-root
# users.
88 - name: generate dh parameters
89 command: /usr/bin/openssl dhparam -out /etc/openvpn/keys/dh.pem 4096
91 creates: /etc/openvpn/keys/dh.pem
# Loop items for the key-material task below. Each item gives a file name
# under /etc/openvpn/keys and the content to write; the per-item `mode` lines
# are not visible in this excerpt.
# CA certificate, named after the lower-cased CA name.
95 - file: ca.{{ ca_name|lower }}.crt
96 content: "{{ ca_cert }}"
# Certificate revocation list for the same CA.
# NOTE(review): if the rendered config uses crl-verify and the daemon drops
# privileges, this file must stay readable by that account; confirm.
98 - file: crl.{{ ca_name|lower }}.pem
99 content: "{{ crl_pem }}"
# Host certificate, named by region and CA. Quoted because the value starts
# with a Jinja expression.
101 - file: "{{ vpc_region }}.{{ ca_name|lower }}.crt"
102 content: "{{ cert }}"
# Private key matching the certificate above.
# NOTE(review): its content and mode are not visible here; confirm the mode is
# "0600" or tighter and the owner is root.
104 - file: "{{ vpc_region }}.{{ ca_name|lower }}.key"
# Writes each item to the keys directory with the item's own mode.
# NOTE(review): item.content includes the private key, so confirm the task
# sets `no_log: true` to keep it out of task output, logs and --diff.
108 dest: /etc/openvpn/keys/{{ item.file }}
109 content: "{{ item.content }}"
110 mode: "{{ item.mode }}"
# Renders the mode-specific template to a config file named by region and mode.
# The template name comes from vpn_mode, which the check at line 4 limits to
# three known values, so only those templates can be selected.
# NOTE(review): vpc_region also ends up in the destination path and is not
# validated anywhere in this excerpt; confirm it comes from a trusted source.
116 - name: configure openvpn
118 src: "{{ vpn_mode }}.conf.j2"
119 dest: /etc/openvpn/{{ vpc_region }}-{{ vpn_mode }}.conf
# Enables the openvpn service; the module arguments are not visible here.
126 - name: enable openvpn
# Installs an awslogs agent config for the openvpn logs.
# NOTE(review): presumably this ships /var/log/openvpn off-host; confirm the
# destination log group has appropriate access controls and retention.
133 - name: configure log shipping
135 src: awslogs.openvpn.conf
136 dest: /etc/awslogs/config/openvpn.conf