summaryrefslogtreecommitdiffstats
path: root/roles/common/templates/etc
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/ipsec.conf.j217
1 files changed, 4 insertions, 13 deletions
diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2
index 5ac2dd1..1dbcdbd 100644
--- a/roles/common/templates/etc/ipsec.conf.j2
+++ b/roles/common/templates/etc/ipsec.conf.j2
@@ -2,10 +2,7 @@
# Do NOT edit this file directly!
config setup
- # crlcheckinterval = 600
- strictcrlpolicy = no
- # cachecrls = yes
- plutostart = no
+ plutostart = no
# Add connections here.
@@ -22,18 +19,12 @@ conn %default
leftauth = pubkey
left = %defaultroute
leftcert = {{ inventory_hostname }}.pem
- leftid = "C=SE, O=Fripost, OU=IPsec, CN={{ inventory_hostname }}"
- leftca = "C=SE, O=Fripost, OU=root CA, CN=IPsec (internal network)"
leftfirewall = yes
rightauth = pubkey
- rightca = %same
auto = start
-
-{% for host in groups.all|sort %}
-{% if host != inventory_hostname %}
+{% for host in groups.all | difference([inventory_hostname]) | sort %}
conn {{ host }}
- right = {{ hostvars[host]['inventory_hostname'] }}
- rightid = "C=SE, O=Fripost, OU=IPsec, CN={{ hostvars[host]['inventory_hostname'] }}"
-{% endif -%}
+ right = {{ hostvars[host]['inventory_hostname'] }}
+ rightcert = {{ hostvars[host]['inventory_hostname'] }}.pem
{%- endfor %}