forked from softasap/sa-vpn-softether
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
113 lines (88 loc) · 3.6 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
---
# /=====================================
# Defaults file for softether-vpn-server
# =====================================/
# Set true to add {{ softether_bin_dir }} to PATH env via /etc/profile.d/softether.sh
option_add_to_path: False
# This will wipe out any existing config in the VPN server, so be careful
option_reset_softether_config: True
# This will force new binaries to be created
option_build_new_binaries: True
# This will clean up the downloaded source zip and build files
# Useful to set False for debugging
option_cleanup_old_files: True
# This will set up letsencrypt certificates on the server. {{ softether_fqdn }} will be used
# Otherwise self-signed certs will be used
option_setup_letsencrypt: False
# As we are downloading source code and compiling to a binary, this overides the path to build the binaries in
binary_build_path: /tmp
# This was the latest version at the time this role was authored
softether_binary_url: http://www.softether-download.com/files/softether/v4.25-9656-rtm-2018.01.15-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.25-9656-rtm-2018.01.15-linux-x64-64bit.tar.gz
# SecureNAT is a combination of Virtual NAT and DHCP Server function. You can enable SecureNAT using the option below.
# DON'T use this at the same time as LocalBridge (below)
softether_option_securenat: true
# LocalBridge is another option that you can use
# DON'T use this at the same time as SecureNAT (above)
softether_option_local_bridge: false
# This option will stop all traffic from being forced over the VPN.
# If used, the DHCP scope MUST be set
softether_option_split_routing: true
# DHCP options. Make sure these don't conflict with any existing ranges you may have locally
softether_dhcp_range_start: 192.168.30.10
softether_dhcp_range_finish: 192.168.30.200
softether_dhcp_netmask: 255.255.255.0
softether_dhcp_gateway: 192.168.30.1
softether_dhcp_dns1: 192.168.30.1
softether_dhcp_dns2: 8.8.8.8
# Routes to push out to clients via DHCP. This is needed if using split tunnelling
softether_push_routes:
- network: 192.168.3.0
netmask: 255.255.255.0
gateway: 192.168.3.1
- network: 192.168.4.0
netmask: 255.255.255.0
gateway: 192.168.4.1
# FQDN to use for SSL certificates
softether_fqdn: "{{ ansible_host }}"
### Default settings that can be overridden
softether_server_admin_password: "U8erSeCur3"
softether_hub_name: vpn
softether_hub_password: "S3cureP4$$"
# Change this to set a different binaries directory
softether_bin_dir: "/opt/softether"
# Set the language of the UI. Options are 'ja' (Japanese), 'en' (English), 'cn' (Simplified Chinese)
softether_lang: en
# Enable / Disable SSTP
softether_option_sstp: true
# Enable / Disable IPSEC, and configs
softether_option_ipsec: true
softether_ipsec_l2tp: yes
softether_ipsec_l2tpraw: yes
softether_ipsec_etherip: no
softether_ipsec_presharedkey: "[1KH;+r-X#cvhpv7Y6=#;[{u"
# Enable / Disable OpenVPN, and configs
softether_option_openvpn: true
softether_openvpn_port: 1194
softether_openvpn_config: "{{softether_bin_dir}}/generated/openvpn_config.zip"
# Bridge defaults
softether_bridge_device: soft
softether_bridge_tap: no
# VPN Users section. Please DO override these! :)
softether_vpn_users:
- {
realname: User 1,
name: user1,
password: U4er1Pa55
}
- {
name: user2,
password: U4er2Pa55
}
# SysCtl control options. Multiple options can be specified, as above
softether_sysctl_conf_lines:
- {
name: net.ipv4.ip_forward,
value: 1
}
# VPN config script. This is a Jinja2 template file which uses many of the options above
softether_config_script: configs/create_hub