Diffstat (limited to 'roles/common/templates/etc/ipsec.conf.j2')
-rw-r--r--roles/common/templates/etc/ipsec.conf.j21
1 files changed, 0 insertions, 1 deletions
diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2
index ceed16a..5ac2dd1 100644
--- a/roles/common/templates/etc/ipsec.conf.j2
+++ b/roles/common/templates/etc/ipsec.conf.j2
@@ -10,31 +10,30 @@ config setup
# Add connections here.
conn %default
keyexchange = ikev2
ikelifetime = 1h
keylife = 15m
rekeymargin = 3m
keyingtries = 1
esp = aes128gcm16-ecp256!
ike = aes128gcm16-aesxcbc-ecp256!
# TODO: test DynDNS
mobike = no
leftauth = pubkey
left = %defaultroute
leftcert = {{ inventory_hostname }}.pem
leftid = "C=SE, O=Fripost, OU=IPsec, CN={{ inventory_hostname }}"
leftca = "C=SE, O=Fripost, OU=root CA, CN=IPsec (internal network)"
leftfirewall = yes
rightauth = pubkey
rightca = %same
- type = transport
auto = start
{% for host in groups.all|sort %}
{% if host != inventory_hostname %}
conn {{ host }}
right = {{ hostvars[host]['inventory_hostname'] }}
rightid = "C=SE, O=Fripost, OU=IPsec, CN={{ hostvars[host]['inventory_hostname'] }}"
{% endif -%}
{%- endfor %}