---
- name: Check VPN Test Results from Client
  hosts: production
  gather_facts: no
  become: no

  tasks:
    # Traefik writes its access log as JSON; pull the relevant fields out of
    # each Grafana request and classify it by the ClientHost address.
    - name: Check latest Grafana access attempts
      shell: |
        cd ~/deployment/stacks/traefik
        echo "=== Last 20 Grafana Access Attempts ==="
        tail -500 logs/access.log | grep -i grafana | tail -20 | while IFS= read -r line; do
          time=$(echo "$line" | grep -oP '"time":"[^"]*"' | sed 's/"time":"//;s/"//' | cut -d'T' -f2 | cut -d'+' -f1 | cut -d':' -f1-2)
          client=$(echo "$line" | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//')
          status=$(echo "$line" | grep -oP '"DownstreamStatus":[0-9]+' | sed 's/"DownstreamStatus"://')
          method=$(echo "$line" | grep -oP '"RequestMethod":"[^"]*"' | sed 's/"RequestMethod":"//;s/"//')
          path=$(echo "$line" | grep -oP '"RequestPath":"[^"]*"' | sed 's/"RequestPath":"//;s/"//')
          # 10.8.0.x: request arrived through the VPN; 89.246.96.244: the client's public IP
          if [[ "$client" =~ ^10\.8\.0\.[0-9]+$ ]]; then
            echo "✅ $time | ClientHost: $client | Status: $status | $method $path → VPN-IP (Traffic kommt über VPN!)"
          elif [[ "$client" == "89.246.96.244" ]]; then
            echo "❌ $time | ClientHost: $client | Status: $status | $method $path → Öffentliche IP (Traffic kommt NICHT über VPN)"
          else
            echo "❓ $time | ClientHost: $client | Status: $status | $method $path → Unbekannt"
          fi
        done
      args:
        executable: /bin/bash
      register: recent_access
      ignore_errors: yes
      failed_when: false

    - name: Display recent access attempts
      debug:
        msg: "{{ recent_access.stdout_lines }}"

    - name: Extract unique client IPs from recent requests
      shell: |
        cd ~/deployment/stacks/traefik
        tail -100 logs/access.log | grep -i grafana | tail -20 | grep -oP '"ClientHost":"[^"]*"' | sed 's/"ClientHost":"//;s/"//' | sort -u
      args:
        executable: /bin/bash
      register: unique_ips
      ignore_errors: yes
      failed_when: false

    - name: Display unique client IPs
      debug:
        msg: "{{ unique_ips.stdout_lines }}"

    # Count how many of the last 20 Grafana requests came from the VPN range
    # versus the client's public IP.
    - name: Analyze client IP distribution
      shell: |
        cd ~/deployment/stacks/traefik
        echo "=== Client IP Analysis (Last 20 requests) ==="
        VPN_COUNT=$(tail -100 logs/access.log | grep -i grafana | tail -20 | grep -oP '"ClientHost":"10\.8\.0\.[0-9]+"' | wc -l)
        PUBLIC_COUNT=$(tail -100 logs/access.log | grep -i grafana | tail -20 | grep -oP '"ClientHost":"89\.246\.96\.244"' | wc -l)
        TOTAL=$(tail -100 logs/access.log | grep -i grafana | tail -20 | wc -l)
        echo "Total Grafana requests (last 20): $TOTAL"
        echo "VPN IP requests (10.8.0.x): $VPN_COUNT"
        echo "Public IP requests (89.246.96.244): $PUBLIC_COUNT"
        if [ "$VPN_COUNT" -gt 0 ]; then
          echo ""
          echo "✅ SUCCESS: Traffic is coming through VPN!"
          echo "   $VPN_COUNT out of $TOTAL requests used VPN IP"
        elif [ "$PUBLIC_COUNT" -gt 0 ]; then
          echo ""
          echo "❌ PROBLEM: Traffic is NOT coming through VPN"
          echo "   $PUBLIC_COUNT out of $TOTAL requests used public IP"
          echo "   Check VPN routing configuration on client"
        else
          echo ""
          echo "⚠️ No recent Grafana requests found"
        fi
      args:
        executable: /bin/bash
      register: ip_analysis
      ignore_errors: yes
      failed_when: false

    - name: Display IP analysis
      debug:
        msg: "{{ ip_analysis.stdout_lines }}"

    # The grep pattern is the test client's WireGuard public key.
    - name: Check WireGuard peer status for test-client
      shell: |
        echo "=== WireGuard Peer Status ==="
        sudo wg show | grep -A 5 "YbjBipkOHjLfcIYQKDReJ1swseczqHolTCRv7+LHnmw=" || echo "Peer not found or not connected"
      args:
        executable: /bin/bash
      register: wg_peer_status
      ignore_errors: yes
      failed_when: false

    - name: Display WireGuard peer status
      debug:
        msg: "{{ wg_peer_status.stdout_lines }}"

    - name: Final recommendations
      debug:
        msg:
          - ""
          - "=== ERGEBNIS ==="
          - ""
          - "Prüfe die obigen Zeilen:"
          - ""
          - "✅ Wenn ClientHost: 10.8.0.x → Traffic kommt über VPN!"
          - "   → Dann können wir die temporäre IP-Erlaubnis entfernen!"
          - ""
          - "❌ Wenn ClientHost: 89.246.96.244 → Traffic kommt NICHT über VPN"
          - "   → Dann müssen wir das VPN-Routing auf dem Client prüfen"
          - ""
          - "Nächste Schritte:"
          - "1. Wenn VPN funktioniert: Temporary IP-Erlaubnis entfernen"
          - "2. Wenn VPN nicht funktioniert: Route-Tabellen auf Client prüfen"