| # strongswan templates/ipsec.conf - {{ ansible_managed }} |
| # |
| # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| # basic configuration |
| # |
| # Both options in this section are commented out, so the daemon's built-in |
| # defaults apply (strongSwan documents strictcrlpolicy=no and uniqueids=yes). |
| # strictcrlpolicy only matters for certificate-based authentication: while it |
| # is off, a peer certificate is still accepted when no current CRL is available. |
| # NOTE(review): enable it if strongswan_conf_auth_type selects public-key auth. |
| config setup |
| # strictcrlpolicy=yes |
| # uniqueids = no |
| |
| # Defaults inherited by every "conn" section rendered further down. |
| # All cryptographic and lifetime choices come from role variables, so the |
| # strength of the tunnel is decided by the inventory, not by this template. |
| conn %default |
| ikelifetime={{ strongswan_conf_phase1_lifetime }} |
| # keylife is documented as a synonym of lifetime; both carry the phase 2 value. |
| keylife={{ strongswan_conf_phase2_lifetime }} |
| lifetime={{ strongswan_conf_phase2_lifetime }} |
| rekeymargin=3m |
| keyingtries=3 |
| keyexchange={{ strongswan_conf_key_exchange }} |
| mobike=no |
| # strongSwan appends its default proposals to ike=/esp= unless the value ends |
| # with "!". NOTE(review): confirm the cipher variables end with "!" if only the |
| # listed algorithms may be negotiated. |
| ike={{ strongswan_conf_ike_cipher }} |
| esp={{ strongswan_conf_esp_cipher }} |
| # authby is documented as deprecated in favour of leftauth/rightauth, which the |
| # per-connection sections also set from this same variable. The accepted |
| # keywords differ between the two (e.g. authby=secret vs leftauth=psk), so |
| # verify that the configured value is valid for both. |
| authby={{ strongswan_conf_auth_type }} |
| auto={{ strongswan_conf_auto }} |
| reauth={{ strongswan_conf_reauth }} |
| type=tunnel |
| dpdaction={{ strongswan_conf_dpdaction }} |
| |
| # One "conn" section is rendered per entry of strongswan_conf_connections. |
| # Fields read from each entry: name, left, leftid, left_subnets, right, |
| # right_subnets and, optionally, vti.remote / vti.local. |
| # |
| # leftupdown: conn.name and the vti values are pasted unescaped into a quoted |
| # command line that the IKE daemon runs on tunnel up/down. A quote, space or |
| # shell metacharacter in any of them changes the command that is executed. |
| # NOTE(review): validate these values (plain names and addresses only) before |
| # rendering. |
| # |
| # No rightid is rendered, so the expected peer identity falls back to the |
| # daemon's default (presumably the "right" address - confirm this is intended). |
| # left_subnets / right_subnets are assumed to be comma-separated strings, |
| # since they are interpolated as-is. |
| # mark=%unique is applied to every connection, whether or not vti is defined. |
| {% for conn in strongswan_conf_connections %} |
| conn {{ conn.name }} |
| {% if conn.vti is defined %} |
| leftupdown="/etc/ipsec.d/ipsec-vti.sh {{ conn.name }} {{ conn.vti.remote }} {{ conn.vti.local }}" |
| {% endif %} |
| left={{ conn.left }} |
| leftid={{ conn.leftid }} |
| leftsubnet={{ conn.left_subnets }} |
| leftauth={{ strongswan_conf_auth_type }} |
| right={{ conn.right }} |
| rightsubnet={{ conn.right_subnets }} |
| rightauth={{ strongswan_conf_auth_type }} |
| mark=%unique |
| {% endfor %} |