# strongswan templates/ipsec.conf - {{ ansible_managed }}
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

# basic configuration
# Both options below are commented out, so the daemon's built-in defaults for
# CRL enforcement and duplicate peer-ID handling apply.
config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Defaults inherited by every conn section rendered below.
# - Lifetimes, key exchange version, proposals and authentication type all come
#   from role variables; none of them is validated in this template.
# - keylife is a synonym of lifetime in ipsec.conf; both receive the same value.
# - Rekeying starts rekeymargin before expiry, so both lifetime variables need
#   to be comfortably larger than 3m.
# - ike/esp: unless the rendered value ends in "!", strongSwan adds its default
#   proposals to the configured one, so the suites given here are preferred but
#   not enforced. NOTE(review): confirm the variables carry the trailing "!" if
#   strict proposals are intended.
# - authby is the legacy form of leftauth/rightauth; the per-connection sections
#   set leftauth and rightauth from the same variable. The credential itself
#   (for example a pre-shared key) is not in this file.
conn %default
    ikelifetime={{ strongswan_conf_phase1_lifetime }}
    keylife={{ strongswan_conf_phase2_lifetime }}
    lifetime={{ strongswan_conf_phase2_lifetime }}
    rekeymargin=3m
    keyingtries=3
    keyexchange={{ strongswan_conf_key_exchange }}
    mobike=no
    ike={{ strongswan_conf_ike_cipher }}
    esp={{ strongswan_conf_esp_cipher }}
    authby={{ strongswan_conf_auth_type }}

# One conn section is rendered per entry of strongswan_conf_connections.
# - When an entry defines vti, the updown hook /etc/ipsec.d/ipsec-vti.sh is
#   called with the connection name, the local and remote VTI values and the
#   mark, and the same mark is set on the connection.
#   NOTE(review): these values are rendered into the hook's command line as-is,
#   with no quoting or filtering; keep them to plain tokens and validate them in
#   the role or inventory. How ipsec-vti.sh parses them is not visible here.
# - leftid is set but rightid is not, so the expected peer identity falls back
#   to the default derived from right. NOTE(review): set rightid explicitly if
#   the peer identity should be pinned to something other than its address.
# - auto=start initiates the tunnel when the daemon starts; dpdaction=restart
#   and closeaction=restart re-initiate it after a DPD timeout or a close by the
#   peer. DPD delay and timeout are not set, so the daemon defaults apply.
#   NOTE(review): the strongSwan documentation advises against closeaction when
#   the peer uses reauthentication or uniqueids checking; uniqueids is left at
#   its default above - confirm this combination is intended.
{% for conn in strongswan_conf_connections %}
conn {{ conn.name }}
{% if conn.vti is defined %}
    leftupdown="/etc/ipsec.d/ipsec-vti.sh -ln {{ conn.name }} -ll {{ conn.vti.local }} -lr {{ conn.vti.remote }} -m {{ conn.vti.mark }}"
    mark={{ conn.vti.mark }}
{% endif %}
    left={{ conn.left }}
    leftid={{ conn.leftid }}
    leftsubnet={{ conn.left_subnets }}
    leftauth={{ strongswan_conf_auth_type }}
    right={{ conn.right }}
    rightsubnet={{ conn.right_subnets }}
    rightauth={{ strongswan_conf_auth_type }}
    auto=start
    type=tunnel
    dpdaction=restart
    closeaction=restart
{% endfor %}