initial ansible vpn config demo

hpreston · Nov 17, 2022 · 9254134 · 9254134
1 parent 73ab377
commit 9254134
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 0 deletions.
diff --git a/ansible-vpn/configs/.gitignore b/ansible-vpn/configs/.gitignore
@@ -0,0 +1 @@
+*-config.txt
diff --git a/ansible-vpn/requirements.txt b/ansible-vpn/requirements.txt
@@ -0,0 +1,10 @@
+ansible-core==2.14.0
+cffi==1.15.1
+cryptography==38.0.3
+Jinja2==3.1.2
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.9
+PyYAML==6.0
+resolvelib==0.8.1
diff --git a/ansible-vpn/templates/ios-vpn.j2 b/ansible-vpn/templates/ios-vpn.j2
@@ -0,0 +1,19 @@
+crypto isakmp policy 10
+ encryption aes
+ hash sha256
+ authentication pre-share
+ group 14 
+
+crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
+
+access-list 100 permit ip {{ source_network }} {{ source_mask }} {{ destination_network }} {{ destination_mask }}
+
+crypto isakmp key {{ preshared_key }} address {{ tunnel_destination }}
+
+crypto map {{ vpn_name }} 10 ipsec-isakmp
+ set peer {{ tunnel_destination }} 
+ set transform-setvpn_transform 
+ match address 100
+
+interface {{ tunnel_interface }} 
+ crypto map {{ vpn_name }}
diff --git a/ansible-vpn/vpn_configs.yaml b/ansible-vpn/vpn_configs.yaml
@@ -0,0 +1,44 @@
+---
+- name: Create VPN Configurations From CSV File
+  hosts: localhost
+  gather_facts: false 
+
+  tasks: 
+  - name: Read VPN List from CSV file
+    community.general.read_csv:
+      path: vpn_list.csv
+    register: vpns
+
+  - name: Side 1 Config
+    loop: "{{ vpns.list }}"
+    loop_control: 
+      label: "{{ item.vpn_name }} Side 1"
+    vars: 
+      vpn_name: "{{ item.vpn_name }}"
+      preshared_key: "{{ item.preshared_key }} "
+      source_network: "{{ item.side_1_inside }}"
+      source_mask: "{{ item.side_1_mask }} "
+      destination_network: "{{ item.side_2_inside }}"
+      destination_mask: "{{ item.side_2_mask }}"
+      tunnel_destination: "{{ item.side_2_public_ip }}"
+      tunnel_interface: "{{ item.side_1_outside }} "
+    ansible.builtin.template:
+      src: ios-vpn.j2
+      dest: configs/{{ item.vpn_name }}-side1-config.txt
+
+  - name: Side 2 Config
+    loop: "{{ vpns.list }}"
+    loop_control: 
+      label: "{{ item.vpn_name }} Side 2"
+    vars: 
+      vpn_name: "{{ item.vpn_name }}"
+      preshared_key: "{{ item.preshared_key }} "
+      source_network: "{{ item.side_2_inside }}"
+      source_mask: "{{ item.side_2_mask }} "
+      destination_network: "{{ item.side_1_inside }}"
+      destination_mask: "{{ item.side_1_mask }}"
+      tunnel_destination: "{{ item.side_1_public_ip }}"
+      tunnel_interface: "{{ item.side_2_outside }} "
+    ansible.builtin.template:
+      src: ios-vpn.j2
+      dest: configs/{{ item.vpn_name }}-side2-config.txt
diff --git a/ansible-vpn/vpn_list.csv b/ansible-vpn/vpn_list.csv
@@ -0,0 +1,31 @@
+vpn_name,side_1_outside,side_1_public_ip,side_1_inside,side_1_mask,side_2_outside,side_2_public_ip,side_2_inside,side_2_mask,preshared_key
+VPN_101,GigabitEthernet0/1,203.0.113.101,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.33,172.28.11.0,0.0.0.255,ZA788I
+VPN_102,GigabitEthernet0/1,203.0.113.102,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.34,172.28.12.0,0.0.0.255,AM285I
+VPN_103,GigabitEthernet0/1,203.0.113.103,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.35,172.28.13.0,0.0.0.255,LG478H
+VPN_104,GigabitEthernet0/1,203.0.113.104,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.36,172.28.14.0,0.0.0.255,WQ378E
+VPN_105,GigabitEthernet0/1,203.0.113.105,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.37,172.28.15.0,0.0.0.255,IQ414K
+VPN_106,GigabitEthernet0/1,203.0.113.106,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.38,172.28.16.0,0.0.0.255,SX892U
+VPN_107,GigabitEthernet0/1,203.0.113.107,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.39,172.28.17.0,0.0.0.255,MU655D
+VPN_108,GigabitEthernet0/1,203.0.113.108,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.40,172.28.18.0,0.0.0.255,BE798D
+VPN_109,GigabitEthernet0/1,203.0.113.109,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.41,172.28.19.0,0.0.0.255,ZV856J
+VPN_110,GigabitEthernet0/1,203.0.113.110,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.42,172.28.20.0,0.0.0.255,NZ326F
+VPN_111,GigabitEthernet0/1,203.0.113.111,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.43,172.28.21.0,0.0.0.255,JI492F
+VPN_112,GigabitEthernet0/1,203.0.113.112,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.44,172.28.22.0,0.0.0.255,OX357R
+VPN_113,GigabitEthernet0/1,203.0.113.113,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.45,172.28.23.0,0.0.0.255,HN203X
+VPN_114,GigabitEthernet0/1,203.0.113.114,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.46,172.28.24.0,0.0.0.255,TM449R
+VPN_115,GigabitEthernet0/1,203.0.113.115,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.47,172.28.25.0,0.0.0.255,HS131D
+VPN_116,GigabitEthernet0/1,203.0.113.116,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.48,172.28.26.0,0.0.0.255,ZK468M
+VPN_117,GigabitEthernet0/1,203.0.113.117,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.49,172.28.27.0,0.0.0.255,KO827T
+VPN_118,GigabitEthernet0/1,203.0.113.118,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.50,172.28.28.0,0.0.0.255,XH308M
+VPN_119,GigabitEthernet0/1,203.0.113.119,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.51,172.28.29.0,0.0.0.255,BX371N
+VPN_120,GigabitEthernet0/1,203.0.113.120,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.52,172.28.30.0,0.0.0.255,EQ345W
+VPN_121,GigabitEthernet0/1,203.0.113.121,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.53,172.28.31.0,0.0.0.255,CU286E
+VPN_122,GigabitEthernet0/1,203.0.113.122,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.54,172.28.32.0,0.0.0.255,JD396Z
+VPN_123,GigabitEthernet0/1,203.0.113.123,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.55,172.28.33.0,0.0.0.255,VQ393Y
+VPN_124,GigabitEthernet0/1,203.0.113.124,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.56,172.28.34.0,0.0.0.255,VW636O
+VPN_125,GigabitEthernet0/1,203.0.113.125,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.57,172.28.35.0,0.0.0.255,PW939V
+VPN_126,GigabitEthernet0/1,203.0.113.126,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.58,172.28.36.0,0.0.0.255,UR382C
+VPN_127,GigabitEthernet0/1,203.0.113.127,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.59,172.28.37.0,0.0.0.255,AJ178G
+VPN_128,GigabitEthernet0/1,203.0.113.128,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.60,172.28.38.0,0.0.0.255,PH438E
+VPN_129,GigabitEthernet0/1,203.0.113.129,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.61,172.28.39.0,0.0.0.255,OP507L
+VPN_130,GigabitEthernet0/1,203.0.113.130,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.62,172.28.40.0,0.0.0.255,DP586R