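# strongswan templates/ipsec.conf - {{ ansible_managed }}
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

{#
  Renders ipsec.conf in three parts: the global "config setup" section,
  shared defaults in "conn %default", and one "conn" section per entry of
  strongswan_conf_connections.
  Template tags and comments sit at column 0 and rely on trim_blocks (the
  Ansible template default), so they leave no blank lines inside a section.
#}
# basic configuration
config setup
  # strictcrlpolicy=yes
  # uniqueids = no

conn %default
  ikelifetime={{ strongswan_conf_phase1_lifetime }}
  # keylife is an alias of lifetime; both receive the same phase 2 value.
  keylife={{ strongswan_conf_phase2_lifetime }}
  lifetime={{ strongswan_conf_phase2_lifetime }}
  rekeymargin=3m
  keyingtries={{ strongswan_conf_keyingtries }}
  keyexchange={{ strongswan_conf_key_exchange }}
  mobike=no
  # Proposals without a trailing "!" are not strict: as responder the daemon
  # accepts the first supported proposal the peer sends. End the ike/esp values
  # with "!" when only the listed algorithms may be negotiated.
  ike={{ strongswan_conf_ike_cipher }}
  esp={{ strongswan_conf_esp_cipher }}
  # authby is the legacy form; every conn below also sets leftauth/rightauth
  # from the same variable.
  authby={{ strongswan_conf_auth_type }}
  auto={{ strongswan_conf_auto }}
  reauth={{ strongswan_conf_reauth }}
  type=tunnel
  # Defaults for dead-peer and peer-initiated-close handling; a connection may
  # override either one below.
  dpdaction={{ strongswan_conf_dpdaction }}
  closeaction={{ strongswan_conf_closeaction }}

{% for conn in strongswan_conf_connections %}
conn {{ conn.name }}
{#
  VTI mode: the updown script receives the connection name and the vti.remote
  and vti.local values as arguments. They are substituted unquoted into a
  command line, so keep them to plain names and addresses in the inventory.
  mark=%unique gives each connection instance its own mark.
#}
{% if conn.vti is defined %}
  leftupdown="/etc/ipsec.d/ipsec-vti.sh {{ conn.name }} {{ conn.vti.remote }} {{ conn.vti.local }}"
  mark=%unique
{% endif %}
  left={{ conn.left }}
  leftid={{ conn.leftid }}
  leftsubnet={{ conn.left_subnets }}
  leftauth={{ strongswan_conf_auth_type }}
  right={{ conn.right }}
  rightsubnet={{ conn.right_subnets }}
  rightauth={{ strongswan_conf_auth_type }}
{#
  Per-connection overrides of the %default dpdaction/closeaction. The values
  are read from the loop variable conn, matching the guards; the revision shown
  in the blame view (25979e2) read them from conf, a name this template never
  defines, so a connection that set either override could not be rendered
  with the intended value.
#}
{% if conn.dpdaction is defined %}
  dpdaction={{ conn.dpdaction }}
{% endif %}
{% if conn.closeaction is defined %}
  closeaction={{ conn.closeaction }}
{% endif %}
{% endfor %}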