Openvpn client config pr 2.x (#2299)

* Allowing openvpn role to set up a client config location.

* Refactoring openvpn role into blocks and creating client config directory.

* Removing MIT GPG server from defaults.

* We will need to delete default push routes if client config provides them.

Author: gregharvey

roles/debian/openvpn/defaults/main.yml

@@ -18,6 +18,7 @@ openvpn:
   # See --client-config-dir in the manual - https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/
   # This can be useful for activities such as providing a long list of push routes to manage as an include.
   client_config_dir: "" # empty means this will not be set
+  client_config_push_routes: false # if you are providing push routes in your client config, set this to true to remove the default ones
   # PAM and LDAP authentication
   pam:
     enabled: false # relies on `openvpn-plugin-auth-pam.so` which is bundled with OpenVPN server for Debian

roles/debian/openvpn/tasks/main.yml

@@ -115,6 +115,16 @@
 - name: Set up client config directory.
   when: openvpn.client_config_dir | length > 0
   block:
+    - name: Remove default push-route.
+      ansible.builtin.lineinfile:
+        path: /etc/openvpn/server.conf
+        search_string: 'redirect-gateway'
+        state: absent
+        owner: root
+        group: root
+        mode: '0644'
+      when: openvpn.client_config_push_routes
+
     - name: Create client config directory if it doesn't exist.
       ansible.builtin.file:
         path: "{{ openvpn.client_config_dir }}"