Diffstat (limited to 'roles/common/templates')
-rw-r--r--roles/common/templates/etc/ipsec.conf.j217
1 files changed, 4 insertions, 13 deletions
diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2
index 5ac2dd1..1dbcdbd 100644
--- a/roles/common/templates/etc/ipsec.conf.j2
+++ b/roles/common/templates/etc/ipsec.conf.j2
@@ -1,39 +1,30 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
config setup
- # crlcheckinterval = 600
- strictcrlpolicy = no
- # cachecrls = yes
- plutostart = no
+ plutostart = no
# Add connections here.
conn %default
keyexchange = ikev2
ikelifetime = 1h
keylife = 15m
rekeymargin = 3m
keyingtries = 1
esp = aes128gcm16-ecp256!
ike = aes128gcm16-aesxcbc-ecp256!
# TODO: test DynDNS
mobike = no
leftauth = pubkey
left = %defaultroute
leftcert = {{ inventory_hostname }}.pem
- leftid = "C=SE, O=Fripost, OU=IPsec, CN={{ inventory_hostname }}"
- leftca = "C=SE, O=Fripost, OU=root CA, CN=IPsec (internal network)"
leftfirewall = yes
rightauth = pubkey
- rightca = %same
auto = start
-
-{% for host in groups.all|sort %}
-{% if host != inventory_hostname %}
+{% for host in groups.all | difference([inventory_hostname]) | sort %}
conn {{ host }}
- right = {{ hostvars[host]['inventory_hostname'] }}
- rightid = "C=SE, O=Fripost, OU=IPsec, CN={{ hostvars[host]['inventory_hostname'] }}"
-{% endif -%}
+ right = {{ hostvars[host]['inventory_hostname'] }}
+ rightcert = {{ hostvars[host]['inventory_hostname'] }}.pem
{%- endfor %}
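Review bot: The new side replaces CA-based peer trust (`leftca`, `rightca = %same`, the `rightid` DN match and the CRL settings) with per-peer certificate pinning via `rightcert`, but nothing in the template records that this is deliberate, so a later maintainer may assume the CA still gates which peers are accepted. I would put a comment above the `for` loop, e.g. `# Peers are authenticated by pinning their certificate (rightcert); no CA or CRL is consulted, so every host's .pem must be deployed to every other host, and removing a compromised peer means removing its .pem everywhere and re-rendering.` With pinning, a stale or missing peer .pem causes an authentication failure rather than silent acceptance, which is the safe direction, but revocation is now only as fast as the next playbook run rather than a CRL refresh — worth confirming that is acceptable for this network. Minor style point: `hostvars[host]['inventory_hostname']` on both added lines is just `host` after the `difference` filter, so `right = {{ host }}` and `rightcert = {{ host }}.pem` would read more plainly.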