openvpn auf webserver, ldap binding auf vpn ip

webserver/docker_ldap/tasks/main.yml

@@ -49,6 +49,9 @@
       LDAP_READONLY_USER: true
       LDAP_READONLY_USER_USERNAME: readonly
       LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}"
+    ports:
+      - 127.0.0.1:389:389
+      - 127.0.0.1:636:636
       
 - name: start phpldapadmin docker
   docker_container: 

webserver/main.yml

@@ -4,6 +4,7 @@
   remote_user: root
   roles:
     - { role: nginx, tags: nginx }
+    - { role: openvpn, tags: openvpn }
     - { role: docker, tags: docker }
     - { role: docker_dokuwiki, tags: dokuwiki }
     - { role: docker_etherpad, tags: etherpad }

webserver/openvpn/handlers/main.yml

+---
+- name: restart openvpn
+  service: name=openvpn state=restarted

webserver/openvpn/tasks/main.yml

+# Pakete installieren
+- name: openvpn installieren
+  apt:
+    pkg: "{{ item }}"
+    update_cache: yes
+    state: installed
+  with_items:
+    - openvpn
+
+# Konfigurationsdateien erstellen (ohne Keys)
+
+- name: Konfiguration erstellen 
+  template: src=warpzone.conf dest=/etc/openvpn/warpzone.conf
+  notify: restart openvpn
+
+- name: Konfiguration erstellen 
+  template: src=warpzone-up.sh dest=/etc/openvpn/warpzone-up.sh mode=o+x
+  notify: restart openvpn
+

webserver/openvpn/templates/warpzone-up.sh

+#!/bin/sh
+# the interface name is passed as first argument ($1)
+
+modprobe ip_tables
+iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
+iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636

webserver/openvpn/templates/warpzone.conf

+
+dev tun
+persist-tun
+persist-key
+cipher AES-256-CBC
+auth SHA1
+tls-client
+client
+resolv-retry infinite
+remote 212.124.34.242 1195 udp
+verify-x509-name "OpenVPN Server" name
+pkcs12 /etc/openvpn/warpzone.p12
+tls-auth /etc/openvpn/warpzone.key 1
+comp-lzo adaptive
+
+script-security 2
+up /etc/openvpn/warpzone-up.sh