Gitiles
Code Review Sign In
gerrit.opencord.org / ansible / role / strongswan / f7cfb4f15c9edc314b22bc6c0999dcfd848aaad3 / . / templates / ipsec.conf.j2
blob: 0bf4a67791577739f75f8873ea8109ac2dcce8c1 [file] [log] [blame]
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]1# strongswan templates/ipsec.conf - {{ ansible_managed }}
2#
3# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
4# SPDX-License-Identifier: Apache-2.0
5
6# basic configuration
7config setup
8 # strictcrlpolicy=yes
9 # uniqueids = no
10
11conn %default
12 ikelifetime={{ strongswan_conf_phase1_lifetime }}
13 keylife={{ strongswan_conf_phase2_lifetime }}
14 lifetime={{ strongswan_conf_phase2_lifetime }}
15 rekeymargin=3m
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame]16 keyingtries={{ strongswan_conf_keyingtries }}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]17 keyexchange={{ strongswan_conf_key_exchange }}
18 mobike=no
19 ike={{ strongswan_conf_ike_cipher }}
20 esp={{ strongswan_conf_esp_cipher }}
21 authby={{ strongswan_conf_auth_type }}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]22 auto={{ strongswan_conf_auto }}
23 reauth={{ strongswan_conf_reauth }}
24 type=tunnel
Hyunsun Moone797c952021-09-27 11:43:21 -0700[diff] [blame]25 dpdaction={{ strongswan_conf_dpdaction }}
Zack Williamsf7cfb4f2022-03-28 16:42:52 -0700[diff] [blame^]26 closeaction={{ strongswan_conf_closeaction }}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]27
28{% for conn in strongswan_conf_connections %}
29conn {{ conn.name }}
30{% if conn.vti is defined %}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]31 leftupdown="/etc/ipsec.d/ipsec-vti.sh {{ conn.name }} {{ conn.vti.remote }} {{ conn.vti.local }}"
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]32{% endif %}
33 left={{ conn.left }}
34 leftid={{ conn.leftid }}
35 leftsubnet={{ conn.left_subnets }}
36 leftauth={{ strongswan_conf_auth_type }}
37 right={{ conn.right }}
38 rightsubnet={{ conn.right_subnets }}
39 rightauth={{ strongswan_conf_auth_type }}
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame]40{% if conn.vti is defined %}
Hyunsun Moon6a19e042021-01-19 21:30:56 -0800[diff] [blame]41 mark=%unique
Hyunsun Moon2c0a0e32022-02-08 20:08:16 -0800[diff] [blame]42{% endif %}
Hyunsun Moona5c3f642020-11-11 02:53:03 -0800[diff] [blame]43{% endfor %}