-rw-r--r--deploy_env/group_vars/all.yml16
-rw-r--r--roles/libwire_graft/files/rpm/libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpmbin29204 -> 0 bytes
-rw-r--r--roles/libwire_graft/files/rpm/libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpmbin0 -> 29608 bytes
-rw-r--r--roles/natgw/files/rpm/wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpmbin101484 -> 0 bytes
-rw-r--r--roles/natgw/files/rpm/wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpmbin0 -> 103476 bytes
-rw-r--r--roles/natgw/tasks/main.yml4
-rw-r--r--roles/natgw/templates/monit_natgw.j21
-rw-r--r--roles/natgw/templates/natgw.service.j22
-rw-r--r--roles/openvpn/tasks/main.yml8
-rw-r--r--roles/openvpn/templates/openvpn_client_example.ovpn (renamed from roles/openvpn/templates/windows_client_example.ovpn)12
-rw-r--r--roles/openvpn/templates/server.conf.j210
-rw-r--r--roles/toroad/files/rpm/toroad-1.2.5.ceffe93-2.el7.x86_64.rpmbin185688 -> 0 bytes
-rw-r--r--roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpmbin0 -> 185800 bytes
-rw-r--r--wannat-install.yml12
14 files changed, 29 insertions, 36 deletions
diff --git a/deploy_env/group_vars/all.yml b/deploy_env/group_vars/all.yml
index c1a65cb..f6dc4bd 100644
--- a/deploy_env/group_vars/all.yml
+++ b/deploy_env/group_vars/all.yml
@@ -10,6 +10,7 @@ wannat_global:
bifang_db_password: "bifang!@#"
bifang_radius_db_name: "tsg-bifang"
vpn_client_ip_cidr: "10.10.120.0/24"
+ vpn_client_ip_mask: "10.10.120.0 255.255.255.0"
vpn_server_ip_local: "10.10.120.1"
vpn_client_ip_range: "10.10.120.2-254"
sentry_upload_url: "https://sentry.mesalab.cn/api/3/minidump/?sentry_key=xxxxx"
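Review bot: The new `vpn_client_ip_mask` restates the same subnet that `vpn_client_ip_cidr` expresses one line above, so there are now two sources of truth that can drift apart (server.conf.j2 consumes the new key; anything still reading the CIDR form keeps the old one). If the `netaddr`-backed `ipaddr` filter is available on the control node, the template could derive it instead — `server {{ vpn_client_ip_cidr | ipaddr('network') }} {{ vpn_client_ip_cidr | ipaddr('netmask') }}` — otherwise at least tie them together with a comment: `# must match vpn_client_ip_cidr above`. Indentation is lost in this rendering, so also confirm the new key lands under the same mapping the templates address as `wannat_global.common`.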
@@ -32,20 +33,19 @@ wannat_global:
g_probe_retry_times: 5
max_item_number: 10000
lru_timeout: 60
-
- pptp:
- mtu: 2000
- dns1: "8.8.8.8"
- dns2: "114.114.114.114"
+
+ openvpn:
+ mtu: 1400
+ mss: 1360
radius:
shared_secret: "testing123"
server_ip: "192.168.44.72"
rpm_files:
- natgw_rpm_file: "wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpm"
- wire_graft_rpm_file: "libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpm"
- toroad_rpm_file: "toroad-1.2.5.ceffe93-2.el7.x86_64.rpm"
+ natgw_rpm_file: "wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpm"
+ wire_graft_rpm_file: "libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpm"
+ toroad_rpm_file: "toroad-1.3.1.64c74cb-2.el7.x86_64.rpm"
ppp_rpm_file: "ppp-2.4.5-34.el7_7.x86_64.rpm"
pptpd_rpm_file: "pptpd-1.4.0-2.el7.x86_64.rpm"
openvpn_rpm_file: "openvpn-2.4.11-1.el7.x86_64.rpm"
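Review bot: `shared_secret: "testing123"` sits in plaintext in a committed group_vars file (as does `bifang_db_password` in the hunk above), and `testing123` is also the example secret in FreeRADIUS's stock `clients.conf`, so unless it is a placeholder it is guessable. Because the OpenVPN server templated in this commit uses `client-cert-not-required` with `username-as-common-name`, RADIUS is the only authentication factor, which makes this secret worth generating per deployment and moving under ansible-vault, e.g. `shared_secret: "{{ vault_radius_shared_secret }}"`. Separately, `pptpd_rpm_file` and `ppp_rpm_file` remain in `rpm_files` even though the `pptp:` block is removed here and the pptpd play is dropped from wannat-install.yml — if the pptpd role is no longer applied these entries are dead and should go too. The binary RPMs referenced here are committed to git without any recorded checksum or signature, so a `rpm -K`/`checksum:` step in the install tasks would be the usual supply-chain guard.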
diff --git a/roles/libwire_graft/files/rpm/libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpm b/roles/libwire_graft/files/rpm/libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpm
deleted file mode 100644
index a42f02a..0000000
--- a/roles/libwire_graft/files/rpm/libwire_graft-1.4.1.ec1bc7b-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/libwire_graft/files/rpm/libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpm b/roles/libwire_graft/files/rpm/libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpm
new file mode 100644
index 0000000..771b413
--- /dev/null
+++ b/roles/libwire_graft/files/rpm/libwire_graft-1.5.0.f3cadd2-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/natgw/files/rpm/wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpm b/roles/natgw/files/rpm/wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpm
deleted file mode 100644
index 677e88e..0000000
--- a/roles/natgw/files/rpm/wannat_natgw-1.3.8.ed8832d-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/natgw/files/rpm/wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpm b/roles/natgw/files/rpm/wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpm
new file mode 100644
index 0000000..427761b
--- /dev/null
+++ b/roles/natgw/files/rpm/wannat_natgw-1.4.0.88cdbce-2.el7.x86_64.rpm
Binary files differ
diff --git a/roles/natgw/tasks/main.yml b/roles/natgw/tasks/main.yml
index d12431e..4d4b9f7 100644
--- a/roles/natgw/tasks/main.yml
+++ b/roles/natgw/tasks/main.yml
@@ -65,6 +65,4 @@
enabled: yes
daemon_reload: yes
state: started
-
-
-
+ \ No newline at end of file
diff --git a/roles/natgw/templates/monit_natgw.j2 b/roles/natgw/templates/monit_natgw.j2
index e15619d..13a46b6 100644
--- a/roles/natgw/templates/monit_natgw.j2
+++ b/roles/natgw/templates/monit_natgw.j2
@@ -13,6 +13,7 @@ while [ 1 ]; do
# echo $PROCESS_NUM
if [ $PROCESS_NUM -lt 1 ]
then
+ ip tuntap del dev tun_natgw mod tun
./wannat_natgw &
sleep 1
ifconfig tun_natgw 192.168.1.254/24 up
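Review bot: The added `ip tuntap del dev tun_natgw mod tun` runs unconditionally whenever the process count drops below 1, so on the first pass (no device yet) or after the daemon already removed its own device it emits an error and that failure is indistinguishable from a genuine one; `ip tuntap del dev tun_natgw mod tun 2>/dev/null || true` states the best-effort intent explicitly. The following fixed `sleep 1` still assumes the freshly started daemon has created the device within a second before `ifconfig tun_natgw ... up` runs — polling `ip link show tun_natgw` until it appears would be more robust. Note that natgw.service.j2 in this same commit sets `Restart=always`; if both that unit and this watchdog loop are active on a host they will race to respawn `wannat_natgw`, so confirm only one of them owns the process. The loop body begins before this hunk.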
diff --git a/roles/natgw/templates/natgw.service.j2 b/roles/natgw/templates/natgw.service.j2
index b131a11..d32c7e2 100644
--- a/roles/natgw/templates/natgw.service.j2
+++ b/roles/natgw/templates/natgw.service.j2
@@ -23,7 +23,7 @@ ExecStartPost=/bin/sh -c "ip route add default via 100.64.1.253 table 1001"
ExecStartPost=/bin/sh -c "/opt/tsg/wannat/natgw/natgw_set_iptables_rule.sh {{wannat_global.natgw.ctrl_device_name}}"
-TimeoutSec=300s
+TimeoutSec=1000s
RestartSec=10s
Restart=always
LimitNOFILE=524288
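Review bot: `TimeoutSec=1000s` sets both `TimeoutStartSec` and `TimeoutStopSec`, so a `systemctl stop`/`restart` of natgw can now block for nearly 17 minutes before systemd escalates to SIGKILL even if only startup needed the extra time. If the bump is for slow startup, use `TimeoutStartSec=1000s` and keep a short stop timeout such as `TimeoutStopSec=30s`. Separately, `{{wannat_global.natgw.ctrl_device_name}}` is interpolated unquoted into a `/bin/sh -c` string in the `ExecStartPost` line above; rendering it as `{{ wannat_global.natgw.ctrl_device_name | quote }}` keeps an unexpected value from being parsed as shell syntax.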
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index eea50de..bec4503 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -81,8 +81,8 @@
- name: "template windows_client_example.ovpn to destination server"
template:
- src: "{{ role_path }}/templates/windows_client_example.ovpn"
- dest: "/etc/openvpn/client/windows_client_example.ovpn"
+ src: "{{ role_path }}/templates/openvpn_client_example.ovpn"
+ dest: "/etc/openvpn/client/openvpn_client_example.ovpn"
tags: template
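Review bot: The task `name` on the first line of the hunk still reads `windows_client_example.ovpn` although both `src` and `dest` were renamed to `openvpn_client_example.ovpn`; rename it to `"template openvpn_client_example.ovpn to destination server"` so `--list-tasks` and run logs match the files. The `template` call also sets no `mode:`; the rendered profile appears to carry only the CA certificate and `auth-user-pass`, so an explicit `mode: "0644"` documents that it is intentionally readable, and makes the decision visible if credentials are ever embedded later.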
- name: "Template the openvpn server.conf config file"
@@ -106,6 +106,8 @@
- name: "enable openvpn service"
systemd:
name: openvpn-server
- enabled: yes
daemon_reload: yes
+ enabled: yes
+ state: started
+
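Review bot: `state: started` on the `openvpn-server` unit will not pick up a re-templated `server.conf` on subsequent runs, because `started` is a no-op when the service is already running; have the "Template the openvpn server.conf config file" task `notify` a handler that sets `state: restarted` instead. Also confirm the unit name: stock OpenVPN 2.4 packages ship the template unit `openvpn-server@.service`, so the instance for `/etc/openvpn/server/server.conf` would be `openvpn-server@server`, unless this role installs its own `openvpn-server.service`. Lastly, `enabled: yes` should be `enabled: true` (yamllint `truthy`).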
diff --git a/roles/openvpn/templates/windows_client_example.ovpn b/roles/openvpn/templates/openvpn_client_example.ovpn
index 3cb77bc..682487a 100644
--- a/roles/openvpn/templates/windows_client_example.ovpn
+++ b/roles/openvpn/templates/openvpn_client_example.ovpn
@@ -1,23 +1,15 @@
client
dev tun
proto tcp
-;;;change remote ipaddress for your environment
+;;;change remote server ipaddress or port for your environment
remote 192.168.1.1 1194
resolv-retry infinite
nobind
-;user nobody
-;group nobody
persist-key
persist-tun
-;;;ca ca.crt
-;;;cert client.crt
-;;;key client.key
remote-cert-tls server
-;;;tls-auth ta.key 1
-;;;;cipher AES-256-CBC
compress lz4-v2
verb 3
-;mute 20
auth-user-pass
<ca>
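Review bot: `compress lz4-v2` enables per-packet compression of tunneled traffic; compression on a VPN is what the 2018 VORACLE attack exploited and the OpenVPN project now advises leaving it off (`allow-compression no` from 2.5), so drop the line unless the server pushes it and the risk is accepted. The commit also removes the commented `tls-auth ta.key 1` hint, leaving the profile with `auth-user-pass` only and `remote-cert-tls server` as its sole server check; since the server side in this commit disables client certificates, adding `tls-auth`/`tls-crypt` (plus `auth-nocache` so the password is not cached in memory) is the remaining inexpensive hardening. Now that the file is no longer Windows-specific, the deleted `;user nobody` / `;group nobody` privilege-drop hints could be restored for Linux clients. The `<ca>` block opened on the last line continues beyond this hunk.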
@@ -41,4 +33,4 @@ ZQWWAx+/dIZ8n6MVz5MQceaKpC+x/EL9wUcSHEVF5xEa9wm9B7daewrIprERNLSq
S0XRwXFrspwUIoL0KFm/HA25LjSYRU9OlKiCCP9JsxjhhW5ExcNAxVbI0HpZY5bV
RmQ4krnQ3hYS
-----END CERTIFICATE-----
-</ca> \ No newline at end of file
+</ca>
diff --git a/roles/openvpn/templates/server.conf.j2 b/roles/openvpn/templates/server.conf.j2
index ef56947..2e88867 100644
--- a/roles/openvpn/templates/server.conf.j2
+++ b/roles/openvpn/templates/server.conf.j2
@@ -6,11 +6,11 @@ ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
-server 10.10.130.0 255.255.255.0
+server {{wannat_global.common.vpn_client_ip_mask}}
ifconfig-pool-persist ipp.txt
-push "route 10.10.130.0 255.255.255.0"
+push "route {{wannat_global.common.vpn_client_ip_mask}}"
push "redirect-gateway def1"
-push "remote-gateway 10.10.130.1"
+;;;push "remote-gateway 10.10.130.1"
;client-to-client
;duplicate-cn
keepalive 10 120
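Review bot: `push "redirect-gateway def1"` routes all client traffic through the tunnel, yet nothing here pushes a resolver (`push "dhcp-option DNS ..."`), and this commit also deletes the `pptp.dns1`/`dns2` values the previous VPN used — clients whose local resolver is unreachable through the tunnel will lose DNS, others will resolve outside it. Carry the settings over, e.g. `push "dhcp-option DNS {{ wannat_global.openvpn.dns1 }}"` with `dns1`/`dns2` re-added under `openvpn:` in all.yml. The `push "route {{...vpn_client_ip_mask}}"` line is redundant, as the `server` directive already installs the route for its own pool. The template reads `wannat_global.common.vpn_client_ip_mask` while the group_vars hunk shows the key under `wannat_global:` with indentation lost in this rendering; verify the `common` level exists or the render will fail with an undefined variable.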
@@ -27,8 +27,8 @@ persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 9
-tun-mtu 1472
-mssfix 1400
+tun-mtu {{wannat_global.openvpn.mtu}}
+mssfix {{wannat_global.openvpn.mss}}
username-as-common-name
client-cert-not-required #close cert, use username and password to radius for auth
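Review bot: `client-cert-not-required` on the last line is deprecated in OpenVPN 2.4 (the RPM pinned in this commit is 2.4.11) and removed in 2.5 in favour of `verify-client-cert none`; switching now avoids a broken config on the next upgrade. Together with `username-as-common-name` it makes the RADIUS password the only authentication factor and lets anyone holding the public CA reach the auth prompt, so `tls-auth`/`tls-crypt` on the server would at least gate that. `verb 9` in the context above is packet-level debug logging into `/var/log/openvpn.log`; it fills disk quickly and persists more detail than a production server should, `verb 3` is the customary level. The new `mssfix {{...mss}}` only has an effect over UDP according to the OpenVPN manual, and the client example in this commit uses `proto tcp`, so if the server transport is TCP as well the value is inert. Moving the trailing `#close cert, ...` comment onto its own line sidesteps any doubt about same-line comment parsing.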
diff --git a/roles/toroad/files/rpm/toroad-1.2.5.ceffe93-2.el7.x86_64.rpm b/roles/toroad/files/rpm/toroad-1.2.5.ceffe93-2.el7.x86_64.rpm
deleted file mode 100644
index cb56420..0000000
--- a/roles/toroad/files/rpm/toroad-1.2.5.ceffe93-2.el7.x86_64.rpm
+++ /dev/null
Binary files differ
diff --git a/roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpm b/roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpm
new file mode 100644
index 0000000..bb020de
--- /dev/null
+++ b/roles/toroad/files/rpm/toroad-1.3.1.64c74cb-2.el7.x86_64.rpm
Binary files differ
diff --git a/wannat-install.yml b/wannat-install.yml
index 0addbb8..0196d49 100644
--- a/wannat-install.yml
+++ b/wannat-install.yml
@@ -25,17 +25,17 @@
vars_files:
- deploy_env/group_vars/all.yml
-- hosts: pptpd
- roles:
- - pptpd
- vars_files:
- - deploy_env/group_vars/all.yml
-
- hosts: radius_server
roles:
- radius_server
vars_files:
- deploy_env/group_vars/all.yml
+
+- hosts: openvpn
+ roles:
+ - openvpn
+ vars_files:
+ - deploy_env/group_vars/all.yml