From 42ec51e418142f68a97d96663a43ae617c971ad5 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 30 Oct 2013 21:49:34 +0100
Subject: Configure IPSec.
---
 roles/common/tasks/ipsec.yml | 39 +++++++++++++++++++++++++++++++++++++++
 roles/common/tasks/main.yml | 1 +
 2 files changed, 40 insertions(+)
 create mode 100644 roles/common/tasks/ipsec.yml
(limited to 'roles/common/tasks')
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
new file mode 100644
index 0000000..d4270d7
--- /dev/null
+++ b/roles/common/tasks/ipsec.yml
@@ -0,0 +1,39 @@
+- name: Install strongSwan
+ apt: pkg=strongswan-ikev2
+
+- name: Ensure we have our private key
+ file: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key
+ owner=root group=root
+ mode=0600
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have our public key
+ file: path=/etc/ipsec.d/certs/{{ inventory_hostname }}.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Ensure we have the CA's public key
+ file: path=/etc/ipsec.d/cacerts/cacert.pem
+ owner=root group=root
+ mode=0644
+ notify:
+ - Missing IPSec certificate
+
+- name: Configure IPSec's secrets
+ template: src=etc/ipsec.secrets.j2
+ dest=/etc/ipsec.secrets
+ owner=root group=root
+ mode=0600
+ notify:
+ - Restart IPSec
+
+- name: Configure IPSec
+ template: src=etc/ipsec.conf.j2
+ dest=/etc/ipsec.conf
+ owner=root group=root
+ mode=0644
+ notify:
+ - Restart IPSec
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a2b7aad..ea85900 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -6,3 +6,4 @@
 - include: samhain.yml tags=samhain
 - include: rkhunter.yml tags=rkhunter
 - include: fail2ban.yml tags=fail2ban
+- include: ipsec.yml tags=strongswan,ipsec
--
cgit v1.2.3
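Review bot: In roles/common/tasks/ipsec.yml, the three `file:` tasks ("Ensure we have our private key", "... our public key", "... the CA's public key") set no `state=`, and `notify` fires only when a task reports a change. So the "Missing IPSec certificate" handler would run when ownership or mode had to be corrected, not when the file is absent. With the default `state=file`, an absent path is expected either to fail the task or to be left untouched, depending on the Ansible version. The handler is defined outside this diff, so its purpose is inferred from its name only. If the intent is to stop when key material is missing, an explicit check states it directly: `stat: path=/etc/ipsec.d/private/{{ inventory_hostname }}.key` with `register: ipsec_key`, followed by a `fail:` task under `when: not ipsec_key.stat.exists`. The `mode=0600` on the private key is also applied only after the key is already on disk, so whatever installs it should create it with restrictive permissions from the start.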