Page MenuHomeDevCentral
Paste P387

ipsec
ActivePublic
Actions

Authored by Duranzed on Wed, Mar 4, 13:32.
Tags
None
Referenced Files
F24673861: ipsec
Wed, Mar 4, 13:32
Subscribers
None
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Strongswan(IPsec) configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/swanctl/swanctl.conf:
file.managed:
- source: salt://roles/core/network/files/swanctl.conf
- user: root
- group: wheel
- mode: 600
- template: jinja
- context:
tunnel_name: "IPsec"
child_name: "gre"
vip_carp: {{pillar.drake_IPsec_tunnels_service.vip_carp}}
ike_proposals: {{ pillar.drake_IPsec_config.ike_proposals }}
esp_proposals: {{ pillar.drake_IPsec_config.esp_proposals }}
child_mode: "tunnel"
#tunnel vers windriver
remote_ip_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.remote_ip_windriver }}
remote_ts_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.remote_ts_windriver }}
local_ts_windriver: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_windriver.local_ts_windriver }}
#tunnel vers ysul
remote_ip_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.remote_ip_ysul }}
remote_ts_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.remote_ts_ysul }}
local_ts_ysul: {{ pillar.drake_IPsec_tunnels_service.tunnels.to_ysul.local_ts_ysul }}
psk_secret: {{ salt["credentials.get_password"]( 'network/ipsec/key') }}
strongswan_reload:
cmd.run:
- name: swanctl --load-all
- onchanges:
- file: {{ dirs.etc }}/swanctl/swanctl.conf

Event Timeline

Duranzed created this paste.Wed, Mar 4, 13:32
Duranzed updated the paste's language from autodetect to yaml.
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator