ipsec
No One
Actions

Authored By

	Duranzed
	Wed, Mar 4, 13:32

Size

1 KB

Referenced Files

None

Subscribers

None

ipsec
View Options

	{% from "map.jinja" import dirs with context %}

	# -------------------------------------------------------------
	# Strongswan(IPsec) configuration
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	{{ dirs.etc }}/swanctl/swanctl.conf:
	file.managed:
	- source: salt://roles/core/network/files/swanctl.conf
	- user: root
	- group: wheel
	- mode: 600
	- template: jinja
	- context:
	tunnel_name: "IPsec"
	child_name: "gre"
	vip_carp: {{pillar.drake_IPsec_tunnels_service.vip_carp}}
	ike_proposals: {{ pillar.drake_IPsec_config.ike_proposals }}
	esp_proposals: {{ pillar.drake_IPsec_config.esp_proposals }}
	child_mode: "tunnel"

	#tunnel vers windriver
	remote_ip_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.remote_ip_windriver }}
	remote_ts_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.remote_ts_windriver }}
	local_ts_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.local_ts_windriver }}

	#tunnel vers ysul
	remote_ip_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.remote_ip_ysul }}
	remote_ts_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.remote_ts_ysul }}
	local_ts_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.local_ts_ysul }}
	psk_secret: {{ salt["credentials.get_password"]( 'network/ipsec/key') }}

	strongswan_reload:
	cmd.run:
	- name: swanctl --load-all
	- onchanges:
	- file: {{ dirs.etc }}/swanctl/swanctl.conf