From 42ec51e418142f68a97d96663a43ae617c971ad5 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 30 Oct 2013 21:49:34 +0100
Subject: Configure IPSec.

---
 roles/common/templates/etc/ipsec.conf.j2 | 40 +++++++++++++++++++++++++++++
 roles/common/templates/etc/ipsec.secrets.j2 | 5 ++++
 2 files changed, 45 insertions(+)
 create mode 100644 roles/common/templates/etc/ipsec.conf.j2
 create mode 100644 roles/common/templates/etc/ipsec.secrets.j2

(limited to 'roles/common/templates')

diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2
new file mode 100644
index 0000000..ceed16a
--- /dev/null
+++ b/roles/common/templates/etc/ipsec.conf.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+config setup
+ # crlcheckinterval = 600
+ strictcrlpolicy = no
+ # cachecrls = yes
+ plutostart = no
+
+# Add connections here.
+
+conn %default
+ keyexchange = ikev2
+ ikelifetime = 1h
+ keylife = 15m
+ rekeymargin = 3m
+ keyingtries = 1
+ esp = aes128gcm16-ecp256!
+ ike = aes128gcm16-aesxcbc-ecp256!
+ # TODO: test DynDNS
+ mobike = no
+ leftauth = pubkey
+ left = %defaultroute
+ leftcert = {{ inventory_hostname }}.pem
+ leftid = "C=SE, O=Fripost, OU=IPsec, CN={{ inventory_hostname }}"
+ leftca = "C=SE, O=Fripost, OU=root CA, CN=IPsec (internal network)"
+ leftfirewall = yes
+ rightauth = pubkey
+ rightca = %same
+ type = transport
+ auto = start
+
+{% for host in groups.all|sort %}
+{% if host != inventory_hostname %}
+
+conn {{ host }}
+ right = {{ hostvars[host]['inventory_hostname'] }}
+ rightid = "C=SE, O=Fripost, OU=IPsec, CN={{ hostvars[host]['inventory_hostname'] }}"
+{% endif -%}
+{%- endfor %}
diff --git a/roles/common/templates/etc/ipsec.secrets.j2 b/roles/common/templates/etc/ipsec.secrets.j2
new file mode 100644
index 0000000..da707bd
--- /dev/null
+++ b/roles/common/templates/etc/ipsec.secrets.j2
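Review bot: With `strictcrlpolicy = no` and `crlcheckinterval` left commented out in the `config setup` section, peer certificates are never checked against a CRL, so a host whose key is compromised keeps being accepted by every other host in the mesh until its certificate expires; `rightca = %same` and the per-host `rightid` limit who can be impersonated but do not revoke anything. If the CA publishes a CRL, the defensible setting is `strictcrlpolicy = yes` together with a `crlcheckinterval` (and `cachecrls = yes`, so a CRL fetched earlier remains usable when the distribution point is temporarily unreachable); if revocation is deliberately not handled, record that decision next to the setting, e.g. `# No CRL checking: revocation is handled by re-issuing the mesh certs, see <PLACEHOLDER: ticket>`. Separately, `keyingtries = 1` combined with `auto = start` in `conn %default` gives a peer that is unreachable when the daemon starts a single negotiation attempt, after which that mesh edge presumably stays down until something re-triggers it; `keyingtries = %forever` (or a small retry count) is the usual choice for always-on host-to-host transport connections.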
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+# Our VPN uses ECC only.
+: ECDSA {{ inventory_hostname }}.key
-- 
cgit v1.2.3
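Review bot: The `: ECDSA {{ inventory_hostname }}.key` line names the host's private key, but nothing in this commit shows how that key reaches the host or with what ownership and mode; the task that installs the key (and the rendered ipsec.secrets itself, which can later carry passphrases) should set it root-owned and 0600, and the key material should never be committed to the repository next to these templates. The relative filename is presumably resolved against strongSwan's private-key directory (/etc/ipsec.d/private by default), which is worth stating in the comment so the key is not dropped elsewhere, e.g. `# Private key is expected under /etc/ipsec.d/private/ (relative path resolved by strongSwan).`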