diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2024-09-08 02:32:24 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2024-09-08 02:32:24 +0200 |
| commit | bc41db5237d188c339d25d96a20465e488ea5475 (patch) | |
| tree | 47765c4acb8a21166435b00aa9d184543d87bf7e /roles/common/templates/etc/ipsec.conf.j2 | |
| parent | 7a36aa2b69d16b768c1e23829087d26a9e87423f (diff) | |
Firewall: Harden IPsec configuration by pining the reqids.
Diffstat (limited to 'roles/common/templates/etc/ipsec.conf.j2')
| -rw-r--r-- | roles/common/templates/etc/ipsec.conf.j2 | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2 index e7505b4..eaa9a08 100644 --- a/roles/common/templates/etc/ipsec.conf.j2 +++ b/roles/common/templates/etc/ipsec.conf.j2 @@ -37,6 +37,7 @@ conn {{ hostvars[host].inventory_hostname_short }} {% endif %} rightsigkey = {{ hostvars[host].inventory_hostname_short }}.pem rightsubnet = {{ ipsec[ hostvars[host].inventory_hostname_short ] | ansible.utils.ipv4 }}/32 + reqid = {{ ipsec[ hostvars[host].inventory_hostname_short ].replace(":",".").split(".")[-1] }} {% if 'NATed' not in group_names and 'NATed' in hostvars[host].group_names %} mobike = yes {% endif %} |