Improve openvpn+obfs4 recipe

Denis-Cosmin Nutiu 2019-04-14 14:00:11 +03:00
parent c987354d0f
commit 8dc2bc4040
3 changed files with 35 additions and 11 deletions


@ -1,2 +1,3 @@
[defaults] [defaults]
hostfile = hosts hostfile = hosts
host_key_checking = False
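Review bot: `host_key_checking = False` turns off SSH host key verification for every host this config applies to, so the control machine can no longer tell the intended server from an impostor on the network path. That matters for this recipe because the playbook in the same commit uses `become_user: root` and fetches `client.ovpn` and the obfs4 bridge line back over that connection. I would drop the line and pre-populate `known_hosts` with a fingerprint verified out of band. If the setting is only needed for first provisioning, set `ANSIBLE_HOST_KEY_CHECKING=False` for that single run rather than committing it.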


@ -1 +1,4 @@
[vpnservers] [vpnservers]
[vpnservers:vars]
ansible_python_interpreter=/usr/bin/python3


@ -2,13 +2,16 @@
gather_facts: yes gather_facts: yes
become_user: root become_user: root
tasks: tasks:
- name: Install python 2 - name: Check OpenVPN installation.
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) stat:
path: /etc/openvpn/server.conf
register: openvpn_config_file
- name: Download OpenVPN install script. - name: Download OpenVPN install script.
get_url: get_url:
url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh url: https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
dest: /etc/openvpn-install.sh dest: /etc/openvpn-install.sh
- name: Install OpenVPN when: openvpn_config_file.stat.exists == false
- name: Install OpenVPN.
command: bash /etc/openvpn-install.sh command: bash /etc/openvpn-install.sh
environment: environment:
APPROVE_INSTALL: y APPROVE_INSTALL: y
@ -21,33 +24,50 @@
CUSTOMIZE_ENC: n CUSTOMIZE_ENC: n
CLIENT: client CLIENT: client
PASS: 1 PASS: 1
- name: Retrieve the OpenVPN client file. when: openvpn_config_file.stat.exists == false
- name: Fetch OpenVPN client file.
fetch: fetch:
src: /root/client.ovpn src: /root/client.ovpn
dest: . dest: .
mode: 0774 mode: 0774
- name: Install obfsproxy - name: Install Obfs4.
apt: pkg=obfs4proxy state=present apt: pkg=obfs4proxy state=present
- name: Creates obfs4 directories - name: Create Obfs4 config directories.
file: file:
path: /var/lib/tor/pt_state/obfs4 path: /var/lib/tor/pt_state/obfs4
state: directory state: directory
- name: Copy obfs4 config from host to remote - name: Copy Obfs4 config.
copy: copy:
src: obfs4.config src: obfs4.config
dest: /var/lib/tor/pt_state/obfs4/obfs4.config dest: /var/lib/tor/pt_state/obfs4/obfs4.config
- name: Create systemd service for obfs4 - name: Create a systemd service for Obfs4.
copy: copy:
src: obfs4proxy.service src: obfs4proxy.service
dest: /etc/systemd/system/obfs4proxy.service dest: /etc/systemd/system/obfs4proxy.service
- name: Enable the obfs4proxy systemd service - name: Enable the systemd service for Obfs4.
systemd: systemd:
name: obfs4proxy name: obfs4proxy
state: started state: started
enabled: yes enabled: yes
- name: Retrieve the obs4 cert key file. - name: Fetch the Obfs4 certificate.
fetch: fetch:
src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt src: /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt
dest: . dest: .
mode: 0774 mode: 0774
- name: Install Firewall
apt: pkg=ufw state=present
- name: Firewall - Limit ssh/tcp
ufw:
rule: limit
port: ssh
proto: tcp
- name: Firewall - Limit 443/tcp
ufw:
rule: limit
port: 443
proto: tcp
- name: Firewall - Enable
ufw:
state: enabled
logging: on
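Review bot: The `get_url` task in the first hunk still downloads `openvpn-install.sh` from the moving `master` branch, and the next task runs it with `bash` (apparently as root, given `become_user: root`) with no integrity check, so whatever is on that branch at provisioning time executes on the server. The new `when:` guard limits the download to first install, which makes pinning cheap: point the URL at a reviewed commit, `url: https://raw.githubusercontent.com/angristan/openvpn-install/<PINNED_COMMIT_SHA>/openvpn-install.sh`, and add `checksum: sha256:<SHA256_OF_REVIEWED_SCRIPT>` (both placeholders, to be filled in after reviewing the script). Separately, in the last hunk `logging: on` is an unquoted YAML 1.1 boolean; `logging: 'on'` passes the string that the ufw module's choices list expects. The play header starts above the first hunk, so any settings there are not visible here.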