diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2014-06-25 05:22:58 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:51:51 +0200 |
commit | a4d0e4a7f8cd829de8346fb6edd9866cc855134f (patch) | |
tree | 2b66a0fb217b9fc200dcaaa51ca426283318ff58 /roles/common/templates/etc/fail2ban | |
parent | 01abd3dbf8e357fd71ebfa41519dc4d1f4bc0bd8 (diff) |
Don't require a PKI for IPSec.
Instead, generate a server certificate for each host (on the machine
itself). Then fetch all these certs locally, and copy them over to each
IPSec peer. That requires more certs to be stored on each machines (n
vs 2), but it can be done automatically, and is easier to deploy.
Note: When adding a new machine to the inventory, one needs to run the
playbook on that machine (to generate the cert and fetch it locally)
first, then on all other machines.
Diffstat (limited to 'roles/common/templates/etc/fail2ban')
0 files changed, 0 insertions, 0 deletions