client fixes (trailofbits#605)

faf0 · Jun 21, 2017 · 124e80a · 124e80a
1 parent b18f9bf
commit 124e80a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/deploy_client.yml b/deploy_client.yml
@@ -8,7 +8,7 @@
       add_host:
         name: "{{ client_ip }}"
         groups: client-host
-        ansible_ssh_user: "{{ server_ssh_user }}"
+        ansible_ssh_user: "{{ ssh_user }}"
         vpn_user: "{{ vpn_user }}"
         server_ip: "{{ server_ip }}"
 
@@ -35,7 +35,7 @@
         sudo apt-get update -qq && sudo apt-get install -qq -y python2.7 &&
         sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
       changed_when: false
-      when: "'ubuntu' in distribution.stdout"
+      when: "'ubuntu' in distribution.stdout|lower"
 
     - name: Fedora 25 | Install prerequisites
       raw: >
@@ -44,7 +44,7 @@
         sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 &&
         rpm -ql python2-dnf || dnf install python2-dnf -y
       changed_when: false
-      when: "'fedora' in distribution.stdout"
+      when: "'fedora' in distribution.stdout|lower"
 
   roles:
     - { role: client, tags: ['client'] }
diff --git a/docs/client-linux.md b/docs/client-linux.md
@@ -9,13 +9,13 @@ The playbook is `deploy_client.yml`
 
 * `client_ip` - The IP address of your client machine (You can use `localhost` in order to deploy locally)
 * `vpn_user` - The username. (Ensure that you have valid certificates and keys in the `configs/SERVER_ip/pki/` directory)
-* `client_ssh_user` - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
+* `ssh_user` - The username that we need to use in order to connect to the client machine via SSH (ignore if you are deploying locally)
 * `server_ip` - The vpn server ip address
 
 ### Example:
 
 ```shell
-ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com server_ssh_user=root'
+ansible-playbook deploy_client.yml -e 'client_ip=client.com vpn_user=jack server_ip=vpn-server.com ssh_user=root'
 ```
 
 ### Additional options:

diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml
@@ -39,9 +39,9 @@
     create: yes
   with_items:
     - dest: "{{ configs_prefix }}/ipsec.conf"
-      line: "include ipsec.*.conf"
+      line: "include ipsec.{{ IP_subject_alt_name }}.conf"
     - dest: "{{ configs_prefix }}/ipsec.secrets"
-      line: "include ipsec.*.secrets"
+      line: "include ipsec.{{ IP_subject_alt_name }}.secrets"
   notify:
     - restart strongswan
 
@@ -51,10 +51,10 @@
     dest: "{{ item.dest }}"
   with_items:
     - src: "configs/{{ IP_subject_alt_name }}/pki/certs/{{ vpn_user }}.crt"
-      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ IP_subject_alt_name }}_{{ vpn_user }}.crt"
+      dest: "{{ configs_prefix }}/ipsec.d/certs/{{ vpn_user }}.crt"
     - src: "configs/{{ IP_subject_alt_name }}/pki/cacert.pem"
       dest: "{{ configs_prefix }}/ipsec.d/cacerts/{{ IP_subject_alt_name }}.pem"
     - src: "configs/{{ IP_subject_alt_name }}/pki/private/{{ vpn_user }}.key"
-      dest: "{{ configs_prefix }}/ipsec.d/private/{{ IP_subject_alt_name }}_{{ vpn_user }}.key"
+      dest: "{{ configs_prefix }}/ipsec.d/private/{{ vpn_user }}.key"
   notify:
     - restart strongswan