From 9254134a85f417633d48cff1424ad88bb6c9f94c Mon Sep 17 00:00:00 2001
From: Hank Preston
Date: Thu, 17 Nov 2022 15:22:27 -0500
Subject: [PATCH] initial ansible vpn config demo
---
 ansible-vpn/configs/.gitignore | 1 +
 ansible-vpn/requirements.txt | 10 ++++++++
 ansible-vpn/templates/ios-vpn.j2 | 19 ++++++++++++++
 ansible-vpn/vpn_configs.yaml | 44 ++++++++++++++++++++++++++++++++
 ansible-vpn/vpn_list.csv | 31 ++++++++++++++++++++++
 5 files changed, 105 insertions(+)
 create mode 100644 ansible-vpn/configs/.gitignore
 create mode 100644 ansible-vpn/requirements.txt
 create mode 100644 ansible-vpn/templates/ios-vpn.j2
 create mode 100644 ansible-vpn/vpn_configs.yaml
 create mode 100644 ansible-vpn/vpn_list.csv
diff --git a/ansible-vpn/configs/.gitignore b/ansible-vpn/configs/.gitignore
new file mode 100644
index 0000000..e486f82
--- /dev/null
+++ b/ansible-vpn/configs/.gitignore
@@ -0,0 +1 @@
+*-config.txt
diff --git a/ansible-vpn/requirements.txt b/ansible-vpn/requirements.txt
new file mode 100644
index 0000000..f423f3a
--- /dev/null
+++ b/ansible-vpn/requirements.txt
@@ -0,0 +1,10 @@
+ansible-core==2.14.0
+cffi==1.15.1
+cryptography==38.0.3
+Jinja2==3.1.2
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.9
+PyYAML==6.0
+resolvelib==0.8.1
diff --git a/ansible-vpn/templates/ios-vpn.j2 b/ansible-vpn/templates/ios-vpn.j2
new file mode 100644
index 0000000..d8f7ebf
--- /dev/null
+++ b/ansible-vpn/templates/ios-vpn.j2
@@ -0,0 +1,19 @@
+crypto isakmp policy 10
+ encryption aes
+ hash sha256
+ authentication pre-share
+ group 14
+
+crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
+
+access-list 100 permit ip {{ source_network }} {{ source_mask }} {{ destination_network }} {{ destination_mask }}
+
+crypto isakmp key {{ preshared_key }} address {{ tunnel_destination }}
+
+crypto map {{ vpn_name }} 10 ipsec-isakmp
+ set peer {{ tunnel_destination }}
+ set transform-setvpn_transform
+ match address 100
+
+interface {{ tunnel_interface }}
+ crypto map {{ vpn_name }}
\ No newline at end of file
diff --git a/ansible-vpn/vpn_configs.yaml b/ansible-vpn/vpn_configs.yaml
new file mode 100644
index 0000000..4dffe34
--- /dev/null
+++ b/ansible-vpn/vpn_configs.yaml
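Review bot: `set transform-setvpn_transform` is missing the space between the keyword and the set name, so the crypto map entry would not be bound to `vpn_transform` when this is pasted into a device; it should read `set transform-set vpn_transform`. The policy block is IKEv1 (`crypto isakmp policy`) with a pre-shared key; where the platforms support it an IKEv2 profile is the stronger choice, and in either case the `crypto isakmp key {{ preshared_key }} address ...` line inserts the key unquoted, so keys containing spaces or `?` would be misparsed by the CLI and should be rejected before rendering. The ACL number and crypto-map sequence are hard-coded at 100 and 10, so if one device ever terminates more than one of these VPNs the second rendered config silently overwrites the first; the sample data looks like one device per VPN, but a template comment such as `{# one VPN per device: ACL 100 and crypto map seq 10 are fixed #}` would make that assumption explicit. The file also has no trailing newline.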
@@ -0,0 +1,44 @@
+---
+- name: Create VPN Configurations From CSV File
+  hosts: localhost
+  gather_facts: false
+
+  tasks:
+    - name: Read VPN List from CSV file
+      community.general.read_csv:
+        path: vpn_list.csv
+      register: vpns
+
+    - name: Side 1 Config
+      loop: "{{ vpns.list }}"
+      loop_control:
+        label: "{{ item.vpn_name }} Side 1"
+      vars:
+        vpn_name: "{{ item.vpn_name }}"
+        preshared_key: "{{ item.preshared_key }} "
+        source_network: "{{ item.side_1_inside }}"
+        source_mask: "{{ item.side_1_mask }} "
+        destination_network: "{{ item.side_2_inside }}"
+        destination_mask: "{{ item.side_2_mask }}"
+        tunnel_destination: "{{ item.side_2_public_ip }}"
+        tunnel_interface: "{{ item.side_1_outside }} "
+      ansible.builtin.template:
+        src: ios-vpn.j2
+        dest: configs/{{ item.vpn_name }}-side1-config.txt
+
+    - name: Side 2 Config
+      loop: "{{ vpns.list }}"
+      loop_control:
+        label: "{{ item.vpn_name }} Side 2"
+      vars:
+        vpn_name: "{{ item.vpn_name }}"
+        preshared_key: "{{ item.preshared_key }} "
+        source_network: "{{ item.side_2_inside }}"
+        source_mask: "{{ item.side_2_mask }} "
+        destination_network: "{{ item.side_1_inside }}"
+        destination_mask: "{{ item.side_1_mask }}"
+        tunnel_destination: "{{ item.side_1_public_ip }}"
+        tunnel_interface: "{{ item.side_2_outside }} "
+      ansible.builtin.template:
+        src: ios-vpn.j2
+        dest: configs/{{ item.vpn_name }}-side2-config.txt
\ No newline at end of file
diff --git a/ansible-vpn/vpn_list.csv b/ansible-vpn/vpn_list.csv
new file mode 100644
index 0000000..ecc55e4
--- /dev/null
+++ b/ansible-vpn/vpn_list.csv
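Review bot: Three of the templated vars carry a trailing space inside the quotes — `preshared_key: "{{ item.preshared_key }} "`, `source_mask: "{{ item.side_1_mask }} "`, `tunnel_interface: "{{ item.side_1_outside }} "` (and the same three in the Side 2 task) — and that space is rendered straight into the `crypto isakmp key`, `access-list` and `interface` lines of the device config; drop it so each reads like `preshared_key: "{{ item.preshared_key }}"`. The rendered files hold the pre-shared keys in clear text, so both `ansible.builtin.template` tasks should set `mode: "0600"` instead of relying on the controller's umask. `community.general.read_csv` needs the community.general collection, which the commit's requirements.txt (ansible-core only) does not install; a `requirements.yml` listing `community.general`, or a `collections:` entry on the play, would make that dependency explicit.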
@@ -0,0 +1,31 @@
+vpn_name,side_1_outside,side_1_public_ip,side_1_inside,side_1_mask,side_2_outside,side_2_public_ip,side_2_inside,side_2_mask,preshared_key
+VPN_101,GigabitEthernet0/1,203.0.113.101,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.33,172.28.11.0,0.0.0.255,ZA788I
+VPN_102,GigabitEthernet0/1,203.0.113.102,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.34,172.28.12.0,0.0.0.255,AM285I
+VPN_103,GigabitEthernet0/1,203.0.113.103,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.35,172.28.13.0,0.0.0.255,LG478H
+VPN_104,GigabitEthernet0/1,203.0.113.104,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.36,172.28.14.0,0.0.0.255,WQ378E
+VPN_105,GigabitEthernet0/1,203.0.113.105,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.37,172.28.15.0,0.0.0.255,IQ414K
+VPN_106,GigabitEthernet0/1,203.0.113.106,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.38,172.28.16.0,0.0.0.255,SX892U
+VPN_107,GigabitEthernet0/1,203.0.113.107,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.39,172.28.17.0,0.0.0.255,MU655D
+VPN_108,GigabitEthernet0/1,203.0.113.108,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.40,172.28.18.0,0.0.0.255,BE798D
+VPN_109,GigabitEthernet0/1,203.0.113.109,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.41,172.28.19.0,0.0.0.255,ZV856J
+VPN_110,GigabitEthernet0/1,203.0.113.110,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.42,172.28.20.0,0.0.0.255,NZ326F
+VPN_111,GigabitEthernet0/1,203.0.113.111,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.43,172.28.21.0,0.0.0.255,JI492F
+VPN_112,GigabitEthernet0/1,203.0.113.112,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.44,172.28.22.0,0.0.0.255,OX357R
+VPN_113,GigabitEthernet0/1,203.0.113.113,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.45,172.28.23.0,0.0.0.255,HN203X
+VPN_114,GigabitEthernet0/1,203.0.113.114,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.46,172.28.24.0,0.0.0.255,TM449R
+VPN_115,GigabitEthernet0/1,203.0.113.115,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.47,172.28.25.0,0.0.0.255,HS131D
+VPN_116,GigabitEthernet0/1,203.0.113.116,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.48,172.28.26.0,0.0.0.255,ZK468M
+VPN_117,GigabitEthernet0/1,203.0.113.117,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.49,172.28.27.0,0.0.0.255,KO827T
+VPN_118,GigabitEthernet0/1,203.0.113.118,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.50,172.28.28.0,0.0.0.255,XH308M
+VPN_119,GigabitEthernet0/1,203.0.113.119,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.51,172.28.29.0,0.0.0.255,BX371N
+VPN_120,GigabitEthernet0/1,203.0.113.120,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.52,172.28.30.0,0.0.0.255,EQ345W
+VPN_121,GigabitEthernet0/1,203.0.113.121,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.53,172.28.31.0,0.0.0.255,CU286E
+VPN_122,GigabitEthernet0/1,203.0.113.122,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.54,172.28.32.0,0.0.0.255,JD396Z
+VPN_123,GigabitEthernet0/1,203.0.113.123,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.55,172.28.33.0,0.0.0.255,VQ393Y
+VPN_124,GigabitEthernet0/1,203.0.113.124,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.56,172.28.34.0,0.0.0.255,VW636O
+VPN_125,GigabitEthernet0/1,203.0.113.125,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.57,172.28.35.0,0.0.0.255,PW939V
+VPN_126,GigabitEthernet0/1,203.0.113.126,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.58,172.28.36.0,0.0.0.255,UR382C
+VPN_127,GigabitEthernet0/1,203.0.113.127,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.59,172.28.37.0,0.0.0.255,AJ178G
+VPN_128,GigabitEthernet0/1,203.0.113.128,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.60,172.28.38.0,0.0.0.255,PH438E
+VPN_129,GigabitEthernet0/1,203.0.113.129,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.61,172.28.39.0,0.0.0.255,OP507L
+VPN_130,GigabitEthernet0/1,203.0.113.130,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.62,172.28.40.0,0.0.0.255,DP586R
\ No newline at end of file
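Review bot: The pre-shared keys are committed in clear text in the `preshared_key` column, which undoes the point of the `.gitignore` this commit adds for the rendered `*-config.txt` files — the same secrets now sit in repository history. The sample keys are six-character values such as `ZA788I`, far too short for an IKE PSK; generate long random keys and keep them out of this file, for example by loading them from an ansible-vault encrypted vars file or a secrets lookup keyed on `vpn_name`, leaving only the VPN name and addressing in the CSV. The addresses are RFC 5737 documentation ranges, so this is clearly demo data, but demo repositories like this tend to be copied as-is, so a header comment or README line stating that the key column must not be used in production would be worth adding.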