commit a5c3f64f254b26fafbab5465657851fb946ce159
author Hyunsun Moon <hyunsun.moon@gmail.com> Wed Nov 11 02:53:03 2020 -0800
committer Hyunsun Moon <hyunsun.moon@gmail.com> Thu Nov 12 11:41:03 2020 -0800
tree ef8e7ecb231104c5cad1cba283508a1b11479bc5
parent df037fdd0b3c272df2cf8ea41540da8327dd3d5a

AETHER-918 Initial commit of strongSwan role

Change-Id: I090832bd211f9f053fecc7abda851bf9edc696b1

templates/ipsec.conf.j2

diff --git a/templates/ipsec.conf.j2 b/templates/ipsec.conf.j2
new file mode 100644
index 0000000..2410e59
--- /dev/null
+++ b/templates/ipsec.conf.j2
@@ -0,0 +1,40 @@
+# strongswan templates/ipsec.conf - {{ ansible_managed }}
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# basic configuration
+config setup
+    # strictcrlpolicy=yes
+    # uniqueids = no
+
+conn %default
+    ikelifetime={{ strongswan_conf_phase1_lifetime }}
+    keylife={{ strongswan_conf_phase2_lifetime }}
+    lifetime={{ strongswan_conf_phase2_lifetime }}
+    rekeymargin=3m
+    keyingtries=3
+    keyexchange={{ strongswan_conf_key_exchange }}
+    mobike=no
+    ike={{ strongswan_conf_ike_cipher }}
+    esp={{ strongswan_conf_esp_cipher }}
+    authby={{ strongswan_conf_auth_type }}
+
+{% for conn in strongswan_conf_connections %}
+conn {{ conn.name }}
+{% if conn.vti is defined %}
+    leftupdown="/etc/ipsec.d/ipsec-vti.sh -ln {{ conn.name }} -ll {{ conn.vti.local }} -lr {{ conn.vti.remote }} -m {{ conn.vti.mark }}"
+    mark={{ conn.vti.mark }}
+{% endif %}
+    left={{ conn.left }}
+    leftid={{ conn.leftid }}
+    leftsubnet={{ conn.left_subnets }}
+    leftauth={{ strongswan_conf_auth_type }}
+    right={{ conn.right }}
+    rightsubnet={{ conn.right_subnets }}
+    rightauth={{ strongswan_conf_auth_type }}
+    auto=start
+    type=tunnel
+    dpdaction=restart
+    closeaction=restart
+{% endfor %}