
# - name: Install Pfsense-Sudo Package
# ansible.builtin.shell:
# cmd: pkg install -y pfsense-pkg-sudo
# System identity: hostname is derived from the customer short code, the
# domain from the customer domain variable.
# NOTE(review): the variable name carries a non-ASCII character; Ansible's
# variable-name validation may reject such names depending on where the
# variable is defined — confirm it loads on the controller in use.
- name: Set Hostname to "{{ kundenkürzel }}-ROU01"
  pfsensible.core.pfsense_setup:
    domain: "{{ kundendomain }}"
    hostname: "{{ kundenkürzel }}-ROU01"
# Locale: German timezone and language for the appliance.
- name: Set timezone and language
  pfsensible.core.pfsense_setup:
    language: "de_DE"
    timezone: "Europe/Berlin"
# LAN side of the router: vtnet1 is given the .1 address of the private /24.
# This is the same address the UDP 500/4500 port forwards below point at.
- name: Enable Interface vtnet1 (Privat-Network)
  pfsensible.core.pfsense_interface:
    interface: vtnet1
    descr: LAN
    enable: true
    ipv4_type: static
    ipv4_address: "{{ privatip }}.1"
    ipv4_prefixlen: 24
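# TCP/25 from any WAN source is forwarded to {{ privatip }}.2.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 25 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 25"
    interface: wan
    protocol: tcp
    source: any
    destination: any:25
    target: "{{ privatip }}.2:25"
    associated_rule: associated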
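# TCP/80 from any WAN source is forwarded to {{ privatip }}.3.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 80 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 80"
    interface: wan
    protocol: tcp
    source: any
    destination: any:80
    target: "{{ privatip }}.3:80"
    associated_rule: associated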
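# TCP/443 from any WAN source is forwarded to {{ privatip }}.3.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 443 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 443"
    interface: wan
    protocol: tcp
    source: any
    destination: any:443
    target: "{{ privatip }}.3:443"
    associated_rule: associated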
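# TCP/465 from any WAN source is forwarded to {{ privatip }}.2.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 465 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 465"
    interface: wan
    protocol: tcp
    source: any
    destination: any:465
    target: "{{ privatip }}.2:465"
    associated_rule: associated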
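# TCP/993 from any WAN source is forwarded to {{ privatip }}.2.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 993 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 993"
    interface: wan
    protocol: tcp
    source: any
    destination: any:993
    target: "{{ privatip }}.2:993"
    associated_rule: associated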
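# TCP/587 from any WAN source is forwarded to {{ privatip }}.2.
# associated_rule: associated also creates the linked WAN firewall pass rule,
# so this is an internet-facing exposure, not only a NAT entry.
# protocol is spelled out instead of relying on the module default.
- name: Add NAT port 587 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    descr: "Port 587"
    interface: wan
    protocol: tcp
    source: any
    destination: any:587
    target: "{{ privatip }}.2:587"
    associated_rule: associated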
# UDP/4500 (IPsec NAT-T) from any WAN source, forwarded to {{ privatip }}.1 —
# the address assigned to vtnet1 above, i.e. the firewall's own LAN side.
# NOTE(review): the IPsec tunnel below is bound to wan on this firewall, so a
# port forward redirecting NAT-T to the firewall itself looks unnecessary and
# may interfere with the local IKE listener — confirm it is actually needed.
- name: Add NAT port 4500 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    protocol: udp
    descr: "Port 4500"
    interface: wan
    source: any
    destination: any:4500
    target: "{{ privatip }}.1:4500"
    associated_rule: associated
# UDP/500 (IKE) from any WAN source, forwarded to {{ privatip }}.1 —
# the address assigned to vtnet1 above, i.e. the firewall's own LAN side.
# NOTE(review): same question as for the 4500 forward: with the IPsec tunnel
# bound to wan on this firewall, redirecting IKE to the firewall itself looks
# unnecessary — confirm it is actually needed.
- name: Add NAT port 500 forward traffic rule
  pfsensible.core.pfsense_nat_port_forward:
    state: present
    protocol: udp
    descr: "Port 500"
    interface: wan
    source: any
    destination: any:500
    target: "{{ privatip }}.1:500"
    associated_rule: associated
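# IPsec phase 1 for the customer tunnel: IKEv1 main mode with PSK
# authentication, peer = kunde_public_ip, bound to the wan interface.
# NOTE(review): the random_string lookup yields a fresh key on every run, so
# each run rotates the PSK and nothing records it for the remote peer —
# confirm this is intended; normally the PSK comes from a vault-protected
# variable so both ends can be configured with the same value.
# NOTE(review): ikev1/main is presumably dictated by the peer; ikev2 is the
# stronger choice where the peer supports it.
- name: Add IPSEC "{{ kundenkürzel }} - Tunnel"
  pfsensible.core.pfsense_ipsec:
    state: present
    descr: "{{ kundenkürzel }} - Tunnel"
    interface: wan
    remote_gateway: "{{ kunde_public_ip }}"
    iketype: ikev1
    mode: main
    authentication_method: pre_shared_key
    preshared_key: "{{ lookup('community.general.random_string', base64=True, length=32) }}"
  # The task arguments contain the PSK; keep it out of verbose output and logs.
  no_log: true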
- name: Add Phases 1 to IPSEC "{{ kundenkürzel }} - Tunnel"
pfsensible.core.pfsense_ipsec_p2:
p1_descr: "{{ kundenkürzel }} - Tunnel"
descr: "{{ kundenkürzel }} - Phase 2"
state: present
apply: False
mode: tunnel
local: "{{ privatip }}.1/24"
remote: "{{ kundennetz }}/24"
aes: True
aes256gcm: true
aes_len: auto
aes256gcm_len: auto
sha256: True