Gitiles
Code Review Sign In
gerrit.opencord.org / ansible / role / strongswan / 2c0a0e3d54533349984c3cb94bbaf2c1dcd48f38 / . / templates / ipsec.conf.j2
blob: 67f4e6cb95133b80b113045194af0d9959a56d38 [file] [log] [blame]
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]1# strongswan templates/ipsec.conf - {{ ansible_managed }}
2#
3# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
4# SPDX-License-Identifier: Apache-2.0
5
6# basic configuration
7config setup
8 # strictcrlpolicy=yes
9 # uniqueids = no
10
11conn %default
12 ikelifetime={{ strongswan_conf_phase1_lifetime }}
13 keylife={{ strongswan_conf_phase2_lifetime }}
14 lifetime={{ strongswan_conf_phase2_lifetime }}
15 rekeymargin=3m
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame^]16 keyingtries={{ strongswan_conf_keyingtries }}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]17 keyexchange={{ strongswan_conf_key_exchange }}
18 mobike=no
19 ike={{ strongswan_conf_ike_cipher }}
20 esp={{ strongswan_conf_esp_cipher }}
21 authby={{ strongswan_conf_auth_type }}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]22 auto={{ strongswan_conf_auto }}
23 reauth={{ strongswan_conf_reauth }}
24 type=tunnel
Hyunsun Moone797c952021-09-27 11:43:21 -0700[diff] [blame]25 dpdaction={{ strongswan_conf_dpdaction }}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]26
27{% for conn in strongswan_conf_connections %}
28conn {{ conn.name }}
29{% if conn.vti is defined %}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]30 leftupdown="/etc/ipsec.d/ipsec-vti.sh {{ conn.name }} {{ conn.vti.remote }} {{ conn.vti.local }}"
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]31{% endif %}
32 left={{ conn.left }}
33 leftid={{ conn.leftid }}
34 leftsubnet={{ conn.left_subnets }}
35 leftauth={{ strongswan_conf_auth_type }}
36 right={{ conn.right }}
37 rightsubnet={{ conn.right_subnets }}
38 rightauth={{ strongswan_conf_auth_type }}
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame^]39{% if conn.vti is defined %}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]40 mark=%unique
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame^]41{% endif %}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]42{% endfor %}