Add ipsec role
This commit is contained in:
parent
8d6e9e16aa
commit
674ad35e28
42
ipsec/tasks/main.yml
Normal file
42
ipsec/tasks/main.yml
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
- name: Create /etc/ipsec dir
|
||||
file:
|
||||
path: /etc/ipsec
|
||||
state: directory
|
||||
mode: "0750"
|
||||
owner: root
|
||||
group: wheel
|
||||
tags:
|
||||
- ipsec
|
||||
|
||||
- name: Enable and start isakmpd service
|
||||
service:
|
||||
name: isakmpd
|
||||
arguments: '-K'
|
||||
state: started
|
||||
enabled: yes
|
||||
tags:
|
||||
- ipsec
|
||||
|
||||
- name: "Copy /etc/ipsec/{{ ipsec_name }}.conf"
|
||||
template:
|
||||
src: ipsec.conf.j2
|
||||
dest: "/etc/ipsec/{{ ipsec_name }}.conf"
|
||||
mode: "0640"
|
||||
owner: root
|
||||
group: wheel
|
||||
register: ipsec_conf
|
||||
tags:
|
||||
- ipsec
|
||||
|
||||
- name: "Check {{ ipsec_name }} config"
|
||||
command: "ipsecctl -nf /etc/ipsec/{{ ipsec_name }}.conf"
|
||||
changed_when: false
|
||||
tags:
|
||||
- ipsec
|
||||
|
||||
#- name: "Reload ipsec {{ ipsec_name }}"
|
||||
# command: "ipsecctl -f /etc/ipsec/{{ ipsec_name }}.conf"
|
||||
# when: ipsec_conf.changed
|
||||
# tags:
|
||||
# - ipsec
|
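Review bot: The rendered config is written to disk before `ipsecctl -nf` checks it, and `register: ipsec_conf` is only consumed by the commented-out reload task, so a changed or syntactically broken `{{ ipsec_name }}.conf` is deployed but never applied. The `template` module can run the check before the file is placed with `validate: "ipsecctl -nf %s"`, which would make the separate check task unnecessary. Reloading would then be a handler notified by the template task (`notify: reload ipsec`) rather than the commented block at the end, so the rule set is actually reloaded when the file changes. `enabled: yes` should be `enabled: true` to match yamllint's truthy rule.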
10
ipsec/templates/ipsec.conf.j2
Normal file
10
ipsec/templates/ipsec.conf.j2
Normal file
|
@ -0,0 +1,10 @@
|
|||
local_ip="{{ ipsec_local_ip }}"
|
||||
local_network="{{ ipsec_local_network }}"
|
||||
|
||||
remote_ip_{{ ipsec_name }}="{{ ipsec_remote_ip }}"
|
||||
remote_networks_{{ ipsec_name }}="{{ ipsec_remote_network }}"
|
||||
|
||||
ike esp from $local_network to $remote_networks_{{ ipsec_name }} peer $remote_ip_{{ ipsec_name }} \
|
||||
main auth hmac-sha2-512 enc 3des group modp4096 \
|
||||
quick auth hmac-sha2-512 enc 3des group modp4096 \
|
||||
psk "{{ ipsec_psk }}"
|
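Review bot: Both the `main` and `quick` lines select `enc 3des`, a 64-bit block cipher with known practical weaknesses (Sweet32) that is deprecated; `enc aes-256` is accepted by ipsec.conf on OpenBSD and should be used for both phases unless the peer cannot negotiate it. `local_ip` is assigned from `ipsec_local_ip` but never referenced in the flow rule, so it is either dead or a missing `local $local_ip` clause — worth confirming against the intended peer setup. Since `ipsec_psk` is rendered verbatim inside double quotes, a PSK containing a `"` breaks the file; keep the value in an Ansible vault variable and validate its character set before rendering.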