Premier commit

roles/vpn/templates/ipsec-tools.conf.j2

@@ -0,0 +1,9 @@
+flush;
+spdflush;
+
+spdadd {{ mynet }}/24 {{ remnet }}/24 any -P out ipsec
+           esp/tunnel/{{ ip1 }}-{{ remip }}/require;
+
+spdadd {{ remnet }}/24 {{ mynet }}/24 any -P in ipsec
+           esp/tunnel/{{ remip }}-{{ ip1 }}/require;
+

roles/vpn/templates/psk.txt.j2

@@ -0,0 +1,2 @@
+{{ remip }} secret
+

roles/vpn/templates/racoon.conf.j2

@@ -0,0 +1,19 @@
+path pre_shared_key "/etc/racoon/psk.txt";
+
+remote {{ remip }} {
+        exchange_mode main,aggressive;
+        proposal {
+                encryption_algorithm 3des;
+                hash_algorithm sha1;
+                authentication_method pre_shared_key;
+                dh_group 2;
+        }
+}
+
+sainfo address {{ mynet }}/24 any address {{ remnet }}/24 any {
+        pfs_group 2;
+        lifetime time 1 hour ;
+        encryption_algorithm 3des, blowfish 448, rijndael ;
+        authentication_algorithm hmac_sha1, hmac_md5 ;
+        compression_algorithm deflate ;
+}