From 9c04f68b69975d3cf64a6e8deccfef1273b4800a Mon Sep 17 00:00:00 2001
From: Kurt Bales
Date: Fri, 27 Mar 2015 00:14:22 -0700
Subject: [PATCH] Fix VPN deployment playbook and test
---
 ansible/playbooks/templates/interfaces.set.j2 | 2 +-
 ansible/playbooks/templates/interfaces_zone.set.j2 | 4 ++--
 ansible/playbooks/templates/vpn_ipsec.set.j2 | 2 +-
 ansible/playbooks/vpn_config.yml | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ansible/playbooks/templates/interfaces.set.j2 b/ansible/playbooks/templates/interfaces.set.j2
index 07c2bb0..f09b6df 100644
--- a/ansible/playbooks/templates/interfaces.set.j2
+++ b/ansible/playbooks/templates/interfaces.set.j2
@@ -1,5 +1,5 @@
 {% for i in interfaces %}
- {% if i.addr_type is "dhcp" %}
+ {% if i.addr_type == "dhcp" %}
 set interfaces {{ i.interface }} unit {{ i.unit }} family {{ i.family }} dhcp
 {% else %}
 set interfaces {{ i.interface }} unit {{ i.unit }} family {{ i.family }} {{ i.addr_type }} {{ i.addr }}
diff --git a/ansible/playbooks/templates/interfaces_zone.set.j2 b/ansible/playbooks/templates/interfaces_zone.set.j2
index 67c684e..c8eab89 100644
--- a/ansible/playbooks/templates/interfaces_zone.set.j2
+++ b/ansible/playbooks/templates/interfaces_zone.set.j2
@@ -1,9 +1,9 @@
 {% for i in interfaces %}
 {% if i.zone is defined%}
-set security zones security-zone {{ i.zone }} interfaces {{ i.interface }}
+set security zones security-zone {{ i.zone }} interfaces {{ i.interface -}}.{{ i.unit -}}
 {% endif %}
 {% if i.inbound_type %}
-set security zones security-zone {{ i.zone }} interfaces {{ i.interface }} host-inbound-traffic {{ i.inbound_type }} {{ i.system_service }}
+set security zones security-zone {{ i.zone }} interfaces {{ i.interface }}.{{ i.unit }} host-inbound-traffic {{ i.inbound_type }} {{ i.system_service }}
 {% endif %}
 {% endfor %}
diff --git a/ansible/playbooks/templates/vpn_ipsec.set.j2 b/ansible/playbooks/templates/vpn_ipsec.set.j2
index b4597bb..b122bae 100644
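Review bot: The `-}}` that closes `{{ i.unit -}}` on the first added line of the interfaces_zone.set.j2 hunk strips the newline after it, so `{% endif %}` lands on the same output line and, with the trim_blocks behaviour Ansible's template module applies by default, the following `set security zones ... host-inbound-traffic` line is likely fused onto the first one, yielding one invalid Junos command instead of two. The second added line already uses the plain form, so the fix is to match it: `set security zones security-zone {{ i.zone }} interfaces {{ i.interface }}.{{ i.unit }}`. Separately, and pre-existing rather than introduced here, the `{% if i.inbound_type %}` branch renders `{{ i.zone }}` outside the `is defined` guard, so an entry with `inbound_type` but no `zone` would either fail the render or emit an empty zone name depending on the undefined-variable policy; `{% if i.inbound_type is defined and i.zone is defined %}` would close that gap.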
--- a/ansible/playbooks/templates/vpn_ipsec.set.j2
+++ b/ansible/playbooks/templates/vpn_ipsec.set.j2
@@ -2,5 +2,5 @@
 set security ipsec policy {{ i.ipsec_policy_name }} proposal-set {{ i.ipsec_policy_mode }}
 set security ipsec vpn {{ i.ipsec_vpn_name }} ike gateway {{ i.ike_gateway }}
 set security ipsec vpn {{ i.ipsec_vpn_name }} ike ipsec-policy {{ i.ipsec_policy_name }}
-set security ipsec vpn {{ i.ipsec_vpn_name }} bind-interface {{ vpn.tunnel_int }}
+set security ipsec vpn {{ i.ipsec_vpn_name }} bind-interface {{ i.tunnel_int }}
 {% endfor %}
diff --git a/ansible/playbooks/vpn_config.yml b/ansible/playbooks/vpn_config.yml
index 3ed190b..0c0fd4b 100644
--- a/ansible/playbooks/vpn_config.yml
+++ b/ansible/playbooks/vpn_config.yml
@@ -11,7 +11,7 @@
 fw_policy_info: [ {'policy_name':'Allow_Policy','src_zone':'trust','dst_zone':'untrust','src_ips':['LocalNet'],'dst_ips':['PrivateNet'],'action':'permit','apps':['any']}]
 mss_entries: [ {'protocol': 'ipsec-vpn', 'mss': '1350'} ]
 interfaces: [ {'interface': 'st0', 'unit': '1', 'family': 'inet', 'addr_type': 'address', 'addr': '10.255.1.2/30', 'zone':'vpn', 'inbound_type': 'system-services', 'system_service': 'ping'} ]
- ike: [ {'ike_name': 'ike-vpn', 'gateway_ip': '10.10.0.10', 'ext_interface': 'ge-0/0/2', 'ike_policy_name': 'ike-policy1', 'ike_policy_mode': 'mode', 'ike_policy_proposal': 'stanard', 'shared_secret': 'AwesomePassword123'} ]
+ ike: [ {'ike_name': 'ike-vpn', 'gateway_ip': '10.10.0.10', 'ext_interface': 'ge-0/0/2.0', 'ike_policy_name': 'ike-policy1', 'ike_policy_mode': 'main', 'ike_policy_proposal': 'standard', 'shared_secret': 'AwesomePassword123'} ]
 ipsec: [ {'ipsec_policy_name': 'vpn-policy1', 'ipsec_policy_mode': 'standard', 'ipsec_vpn_name': 'ipsec-vpn', 'ike_gateway': 'ike-vpn', 'tunnel_int': 'st0.1'} ]
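Review bot: The rewritten `ike` entry in the vpn_config.yml hunk still carries the IKE pre-shared key in clear text (`'shared_secret': 'AwesomePassword123'`) inside a playbook committed to the repository, and that value is then rendered into the generated `.set` file under `build_dir` and pushed to the device, so it lives in at least three places. Keep the PSK out of the playbook: load it from an `ansible-vault`-encrypted vars file and reference it as `'shared_secret': '{{ <vaulted_psk_var> }}'` (placeholder name), and set `no_log: true` on the tasks that render and apply the IKE template so the key does not surface in task output. The `tunnel_int: 'st0.1'` in `ipsec` and `interface: 'st0'` / `unit: '1'` in `interfaces` encode the same interface twice, which a later edit can silently desynchronise; deriving one from the other would remove that risk. As a point of style, these one-line flow-style dicts are hard to diff, as this very hunk shows (three values changed in one 200-character line); block-style mappings would make each change reviewable on its own line.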
@@ -27,7 +27,7 @@
 template: src=templates/interfaces.set.j2 dest={{build_dir}}/interfaces.set
 with_items: interfaces
- - name: Apply tunnel interface
+ - name: Apply vpn tunnel interface
 junos_install_config: host={{ inventory_hostname }} user={{ junos_user }} passwd={{ junos_password }} file={{ build_dir }}/interfaces.set overwrite=no logfile=logs/{{ inventory_hostname }}.log
 - name: Build vpn zone