dch-network: Add more FireMon networks

This commit updates the list of FireMon networks to include the Caverns
Production (172.16.0.0/24) and Caverns Admin (172.24.16.0/20) networks.
This is necessary to ensure OpenVPN routes are created for these
networks.

group_vars/dch-gw/dch-network.yml

@@ -71,6 +71,8 @@ dch_networks:
 
 firemon_networks:
 - 192.168.0.0/16
+- 172.16.0.0/20
+- 172.24.16.0/20
 - 172.28.33.0/24
 
 

roles/dch-openvpn-server/tasks/main.yml

@@ -24,12 +24,12 @@
     mode=0755
     state=directory
 - name: ensure openvpn client config files are set
-  copy:
+  template:
     src={{ item }}
-    dest=/etc/openvpn/server/clients/{{ item|basename }}
+    dest=/etc/openvpn/server/clients/{{ (item|basename|splitext)[0] }}
     mode=0640
   notify: restart pyrocufflink openvpn server
-  with_fileglob: 'clients/*'
+  with_fileglob: '../templates/clients/*.j2'
 
 - name: ensure openvpn ca certificate is installed
   copy:

roles/dch-openvpn-server/templates/clients/dhatch-d4b.securepassage.com.j2

@@ -1,6 +1,6 @@
 ifconfig-push 172.30.0.210 255.255.255.240
-iroute 192.168.0.0 255.255.0.0
+{% for net in firemon_networks %}
-iroute 172.16.0.0 255.255.240.0
+iroute {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }}
-iroute 172.28.33.0 255.255.255.0
+{% endfor %}
 push "route 172.30.0.0 255.255.255.192 172.30.0.209"
 push "route 172.31.0.0 255.255.255.224 172.30.0.209"

roles/dch-openvpn-server/templates/pyrocufflink.openvpn.conf.j2

@@ -12,9 +12,9 @@ dh dh2048.pem
 topology subnet
 push "topology subnet"
 ifconfig 172.30.0.209 255.255.255.240
-route 192.168.0.0 255.255.0.0 172.30.0.210
+{% for net in firemon_networks %}
-route 172.16.0.0 255.255.240.0 172.30.0.210
+route {{ net|ipaddr('network') }} {{ net|ipaddr('netmask') }} 172.30.0.210
-route 172.28.33.0 255.255.255.0 172.30.0.210
+{% endfor %}
 client-to-client
 client-config-dir clients