author | Guilhem Moulin <guilhem@fripost.org> | 2013-10-30 21:49:34 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:31 +0200 |
commit | 42ec51e418142f68a97d96663a43ae617c971ad5 (patch) | |
tree | a329b6705d0c55d33b952c07a032e45fb3919c4c /roles/common/tasks/ipsec.yml | |
parent | 035ea3c7dbe80c92c59635f710076c586c7394c8 (diff) |
Configure IPSec.
Diffstat (limited to 'roles/common/tasks/ipsec.yml')
-rw-r--r-- | roles/common/tasks/ipsec.yml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
new file mode 100644
index 0000000..d4270d7
--- /dev/null
+++ b/roles/common/tasks/ipsec.yml
@@ -0,0 +1,39 @@
+- name: Install strongSwan
+ apt: pkg=strongswan-ikev2
+
+- name: Ensure we have our private key
+ file: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
+ owner=root group=root
+ mode=0600
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have our public key
+ file: path=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have the CA's public key
+ file: path=/etc/ipsec.d/cacerts/cacert.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Configure IPSec's secrets
+ template: src=etc/ipsec.secrets.j2
+ dest=/etc/ipsec.secrets
+ owner=root group=root
+ mode=0600
+ notify:
+ - Restart IPSec
+
+- name: Configure IPSec
+ template: src=etc/ipsec.conf.j2
+ dest=/etc/ipsec.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - Restart IPSec |
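Review bot: The three `file:` tasks notify `Missing IPSec certificate`, but a handler only runs when its task reports a change, which here means the owner or mode was corrected on a file that already exists. With no `state=` given the module defaults to `state=file`, which as far as I know does not create the path, so a key or certificate that is really absent would surface as a task failure (or be passed over, depending on the Ansible release) rather than through the handler; the handler is defined outside this file, so its behaviour should be confirmed. An explicit presence check would make the intent readable, e.g. `stat: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key` with `register: ipsec_key`, followed by `fail: msg="Missing IPSec private key"` under `when: not ipsec_key.stat.exists`. A mode correction on the private key also deserves more than a quiet `changed`, since it means the key was readable more widely than 0600 for some period and may need rotating.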