AETHER-918 Initial commit of strongSwan role
Change-Id: I090832bd211f9f053fecc7abda851bf9edc696b1
diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2
new file mode 100644
index 0000000..2410e59
--- /dev/null
+++ b/templates/ipsec.conf.j2
@@ -0,0 +1,40 @@
+# strongswan templates/ipsec.conf - {{ ansible_managed }}
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# basic configuration
+config setup
+ # strictcrlpolicy=yes
+ # uniqueids = no
+
+conn %default
+ ikelifetime={{ strongswan_conf_phase1_lifetime }}
+ keylife={{ strongswan_conf_phase2_lifetime }}
+ lifetime={{ strongswan_conf_phase2_lifetime }}
+ rekeymargin=3m
+ keyingtries=3
+ keyexchange={{ strongswan_conf_key_exchange }}
+ mobike=no
+ ike={{ strongswan_conf_ike_cipher }}
+ esp={{ strongswan_conf_esp_cipher }}
+ authby={{ strongswan_conf_auth_type }}
+
+{% for conn in strongswan_conf_connections %}
+conn {{ conn.name }}
+{% if conn.vti is defined %}
+ leftupdown="/etc/ipsec.d/ipsec-vti.sh -ln {{ conn.name }} -ll {{ conn.vti.local }} -lr {{ conn.vti.remote }} -m {{ conn.vti.mark }}"
+ mark={{ conn.vti.mark }}
+{% endif %}
+ left={{ conn.left }}
+ leftid={{ conn.leftid }}
+ leftsubnet={{ conn.left_subnets }}
+ leftauth={{ strongswan_conf_auth_type }}
+ right={{ conn.right }}
+ rightsubnet={{ conn.right_subnets }}
+ rightauth={{ strongswan_conf_auth_type }}
+ auto=start
+ type=tunnel
+ dpdaction=restart
+ closeaction=restart
+{% endfor %}
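Review bot: `leftsubnet={{ conn.left_subnets }}` and `rightsubnet={{ conn.right_subnets }}` render a Python list as its repr (`['10.0.0.0/24', …]`) if the plural variable holds a list, which strongSwan will not parse; if lists are intended the lines should be `leftsubnet={{ conn.left_subnets | join(',') }}` and `rightsubnet={{ conn.right_subnets | join(',') }}`, and if a single string is intended the variable name should say so. In `conn %default`, `keylife` and `lifetime` are the same strongSwan setting written twice from the same variable, so one of the two lines can go. The `leftupdown` command interpolates `conn.name` and the VTI fields into a shell command line, so a value with spaces or shell metacharacters would break or alter the invocation; a comment such as `# conn.name/vti.* are inserted unquoted into a shell command; keep them to [A-Za-z0-9_.-]` above that line, or per-argument quoting, would make the constraint explicit. Whether `rightid` needs to be set alongside `leftid` depends on the peer's configuration, which this diff does not show.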
diff --git a/templates/ipsec.secrets.j2 b/templates/ipsec.secrets.j2
new file mode 100644
index 0000000..b7b99d6
--- /dev/null
+++ b/templates/ipsec.secrets.j2
@@ -0,0 +1,8 @@
+# strongswan templates/ipsec.secrets - {{ ansible_managed }}
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+{% for conn in strongswan_conf_connections %}
+{{ conn.right }} : PSK "{{ conn.psk }}"
+{% endfor %}
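Review bot: `PSK "{{ conn.psk }}"` inserts the secret verbatim between double quotes, so a PSK containing a `"` (or a newline) corrupts the secrets file for every connection after it and may silently disable IPsec; rendering it in strongSwan's base64 form, `{{ conn.right }} : PSK 0s{{ conn.psk | b64encode }}`, accepts any byte sequence without escaping concerns. The task that deploys this template is not in the diff, but the rendered file must be written with mode `0600` and root ownership and the `template` task should carry `no_log: true`, since the PSKs otherwise appear in Ansible output and logs. The selector only lists the remote address; whether a single-selector entry is unambiguous when several connections share a `right` value depends on strongSwan's selector matching, which the template should document or avoid by also listing `{{ conn.leftid }}`.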