Premier commit
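--- a/roles/old/vpn/templates/ipsec-tools.conf.j2
+++ b/roles/old/vpn/templates/ipsec-tools.conf.j2
@@ -0,0 +1,9 @@
+flush;
+spdflush;
+
+spdadd {{ mynet }}/24 {{ remnet }}/24 any -P out ipsec
+esp/tunnel/{{ ip1 }}-{{ remip }}/require;
+
+spdadd {{ remnet }}/24 {{ mynet }}/24 any -P in ipsec
+esp/tunnel/{{ remip }}-{{ ip1 }}/require;
+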
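Review bot: The `/24` prefix length is hard-coded in both `spdadd` lines, so `mynet` and `remnet` can only describe /24 networks. The same literal is repeated in the `sainfo` line of racoon.conf.j2, which presumably has to agree with these policies for phase 2 to be selected. Carrying the prefix in the variable keeps the two templates in step, for example `spdadd {{ mynet_cidr }} {{ remnet_cidr }} any -P out ipsec` (variable names are constructed placeholders). The page also lists this template as an executable file although it has no interpreter line; if it is only rendered by Ansible, the execute bit is unnecessary.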
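--- a/roles/old/vpn/templates/psk.txt.j2
+++ b/roles/old/vpn/templates/psk.txt.j2
@@ -0,0 +1,2 @@
+{{ remip }} secret
+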
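Review bot: The pre-shared key is the literal word `secret`, committed in clear text. Every host rendered from this template therefore shares a guessable key that anyone with repository access can read. Take the key from a variable kept in Ansible Vault, e.g. `{{ remip }} {{ vpn_psk }}` (the variable name is a placeholder), and generate a long random value per peer. The task that installs the file is not on this page; it should write it as owner root with mode 0600, since racoon rejects a key file with weaker permissions.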
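--- a/roles/old/vpn/templates/racoon.conf.j2
+++ b/roles/old/vpn/templates/racoon.conf.j2
@@ -0,0 +1,19 @@
+path pre_shared_key "/etc/racoon/psk.txt";
+
+remote {{ remip }} {
+exchange_mode main,aggressive;
+proposal {
+encryption_algorithm 3des;
+hash_algorithm sha1;
+authentication_method pre_shared_key;
+dh_group 2;
+}
+}
+
+sainfo address {{ mynet }}/24 any address {{ remnet }}/24 any {
+pfs_group 2;
+lifetime time 1 hour ;
+encryption_algorithm 3des, blowfish 448, rijndael ;
+authentication_algorithm hmac_sha1, hmac_md5 ;
+compression_algorithm deflate ;
+}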
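Review bot: `exchange_mode main,aggressive;` together with `authentication_method pre_shared_key;` allows IKE aggressive mode, in which a hash derived from the PSK is sent before the peer is authenticated and can be checked offline. With a weak key this is the most exposed setting in the file. The proposal and `sainfo` also offer only legacy primitives: 3DES, SHA-1, the 1024-bit DH group 2, and `hmac_md5` for ESP integrity. I would restrict phase 1 to main mode and move both phases to AES, SHA-256 and group 14, provided the remote peer supports them; the changed lines follow.

```jinja
remote {{ remip }} {
        exchange_mode main;
        # … unchanged: proposal { opening …
                encryption_algorithm aes 256;
                hash_algorithm sha256;
                # … unchanged: authentication_method pre_shared_key …
                dh_group 14;
# … unchanged: closing braces of proposal and remote …
sainfo address {{ mynet }}/24 any address {{ remnet }}/24 any {
        pfs_group 14;
        # … unchanged: lifetime …
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha256;
        # … unchanged: compression_algorithm, closing brace …
```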