Initial code

tasks/main.yml

+##
+# Ansible file to install VPN based on [strongSwan](https://www.strongswan.org/)
+#
+
+---
+# file: roles/vpn/tasks/main.yml
+
+- name: "VPN Role"
+  set_fact: role_vpn_started=true
+  tags: 'always'
+
+- block:
+
+  - include: 'vpn.yml'
+
+  - name: 'Remember that this role had been run'
+    set_fact: role_vpn_completed=true
+    tags: 'always'
+
+  when: '"vpn" not in excluded_roles and role_vpn_completed is not defined and vpn is defined and vpn.subnet is defined'

tasks/vpn.yml

+---
+# file: roles/vpn/tasks/vpn.yml
+
+- name: "Install extra packages"
+  apt:
+    name: '{{ item }}'
+    state: 'present'
+  with_items:
+    - 'strongswan'
+
+- name: "Configure IPSec"
+  template:
+    src: '{{ item }}.jinja2'
+    dest: '/etc/{{ item }}'
+    owner: 'root'
+    group: 'root'
+    mode: '600'
+  with_items:
+    - 'ipsec.conf'
+    - 'ipsec.secrets'

templates/ipsec.conf.jinja2

+config setup
+    uniqueids = no
+
+conn tunnel
+    forceencaps=yes
+    closeaction=restart
+    lifetime = 4h
+    ikelifetime = 30m
+    keylife = 15m
+    rekeymargin = 2m
+    keyingtries = 1
+    mobike = no
+    keyexchange = ike
+    ike = aes128-sha256-ecp256
+    esp = aes128-sha256-ecp256
+    left = {{ static_ipv4 }}
+    leftsubnet = {{ vpn.subnet }}
+    right = {{ vpn.external_host }}
+    rightsubnet = {{ vpn.external_host_subnet }}
+    leftauth = psk
+    rightauth = psk
+    auto = start

templates/ipsec.secrets.jinja2

+# This file holds shared secrets or RSA private keys for authentication.
+
+# RSA private key for this host, authenticating it to any other host
+# which knows the public part.
+
+{{ static_ipv4 }} {{ vpn.external_host }} : {{ vpn.external_secret }}