# strongswan templates/ipsec.conf - {{ ansible_managed }}
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
# basic configuration
# Both options below are commented out, so this section sets nothing and the
# daemon's built-in defaults apply.
# NOTE(review): with strictcrlpolicy left at its default, peer authentication
# presumably succeeds even when no fresh CRL is available - confirm this is
# intended if certificate-based authentication is ever configured.
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Defaults shared by the conn sections rendered further down. Lifetimes,
# retry count, key exchange, IKE/ESP proposals, authentication, start action,
# reauth and DPD action are taken from strongswan_conf_* variables;
# rekeymargin, mobike and type are fixed in this template.
# NOTE(review): keylife and lifetime are both fed from
# strongswan_conf_phase2_lifetime; strongSwan documents them as synonyms, so
# one of the two looks redundant - confirm.
# NOTE(review): the ike and esp values are passed through unchanged. Whether
# a responder is restricted to exactly these proposals depends on the
# variable ending in "!" (strict flag), which is not visible here - confirm
# in the role defaults.
# NOTE(review): authby is documented as deprecated in favour of
# leftauth/rightauth, which every conn below also sets from the same
# strongswan_conf_auth_type variable - confirm the value is valid for both.
conn %default
ikelifetime={{ strongswan_conf_phase1_lifetime }}
keylife={{ strongswan_conf_phase2_lifetime }}
lifetime={{ strongswan_conf_phase2_lifetime }}
rekeymargin=3m
keyingtries={{ strongswan_conf_keyingtries }}
keyexchange={{ strongswan_conf_key_exchange }}
mobike=no
ike={{ strongswan_conf_ike_cipher }}
esp={{ strongswan_conf_esp_cipher }}
authby={{ strongswan_conf_auth_type }}
auto={{ strongswan_conf_auto }}
reauth={{ strongswan_conf_reauth }}
type=tunnel
dpdaction={{ strongswan_conf_dpdaction }}
# One conn section is rendered per entry of strongswan_conf_connections.
# Each entry supplies name, left, leftid, left_subnets, right and
# right_subnets. An optional vti mapping (remote, local) additionally
# renders the leftupdown hook and mark=%unique.
# NOTE(review): name, vti.remote and vti.local are interpolated unescaped
# into the leftupdown command line, and name also into the section header.
# Presumably the updown string is run through a shell - confirm - so these
# inventory values should be validated before rendering (no whitespace,
# quotes or shell metacharacters).
# NOTE(review): no rightid is rendered; the peer identity then presumably
# falls back to the value of right - confirm this matches the identity the
# peer actually presents.
{% for conn in strongswan_conf_connections %}
conn {{ conn.name }}
{% if conn.vti is defined %}
leftupdown="/etc/ipsec.d/ipsec-vti.sh {{ conn.name }} {{ conn.vti.remote }} {{ conn.vti.local }}"
{% endif %}
left={{ conn.left }}
leftid={{ conn.leftid }}
leftsubnet={{ conn.left_subnets }}
leftauth={{ strongswan_conf_auth_type }}
right={{ conn.right }}
rightsubnet={{ conn.right_subnets }}
rightauth={{ strongswan_conf_auth_type }}
{% if conn.vti is defined %}
mark=%unique
{% endif %}
{% endfor %}