voxpupuli/puppet-strongswan

Name: puppet-strongswan

Owner: Vox Pupuli

Description: Puppet Strongswan Module

Created: 2016-02-23 19:01:04.0

Updated: 2018-05-23 05:54:47.0

Pushed: 2018-05-23 05:54:46.0

Homepage: null

Size: 76

Language: Ruby

README

This Puppet module contains configurations for Strongswan.

Example usage

StrongSwan default config:

include strongswan

Strongswan self-signed CA:

include strongswan::pki::ca

Strongswan certificates management:

strongswan::pki::certificate {'server':
  common_name => 'myvpn.local',
  san         => ['@strongswan-1','strongswan-1','192.168.33.42', '@192.168.33.42'],
}

strongswan::pki::certificate {'John Smith':
  common_name  => 'Jonh Smith',
  p12_password => 'mySuperStrongPass',
}

Example configuration ipsec.conf:

strongswan::conn { '%default':
  options => {
    "ike"         => "aes128gcm128-prfsha256-ecp256!",
    "esp"         => "aes128gcm128-ecp256!",
    "keyexchange" => "ikev2",
    "ikelifetime" => "60m",
    "lifetime"    => "20m",
    "margintime"  => "3m",
    "closeaction" => "restart",
    "dpdaction"   => "restart",
  }
}

strongswan::conn { 'IPsec-IKEv2':
  options => {
    "rekey"         => "no",
    "left"          => "%any",
    "leftsubnet"    => "0.0.0.0/0",
    "leftcert"      => "vpnHostCert.der",
    "right"         => "%any",
    "rightdns"      => "8.8.8.8,8.8.4.4",
    "rightsourceip" => "10.10.10.0/24",
    "auto"          => "add",
  }
}

strongswan::conn { 'IKEv2-EAP':
  options => {
    # "also" must match the name of the conn defined above
    "also"          => "IPsec-IKEv2",
    "leftauth"      => "pubkey",
    "leftsendcert"  => "always",
    "rightauth"     => "eap-mschapv2",
    "rightsendcert" => "never",
    "eap_identity"  => "%any",
  }
}

ipsec.secrets:

strongswan::secrets { '%any':
  options => {
    'RSA' => 'vpnHostKey.der keypass'
  }
}

strongswan::secrets { 'John':
  options => {
    'EAP' => 'SuperSecretPass'
  }
}

charon daemon configuration example:

strongswan::charon { 'dns':
  options => {
    'dns1' => '8.8.8.8',
    'dns2' => '8.8.4.4'
  }
}

charon logging configuration example:

strongswan::charon { '/var/log/vpn.log':
  options => {
    'filelog' => {
      '/var/log/vpn.log' => {
        'time_format' => '%b %e %T',
        'ike_name'    => 'yes',
        'append'      => 'no',
        'default'     => '1',
        'flush_line'  => 'yes',
      },
      'stderr' => {
        'ike' => '2',
        'knl' => '2',
      }
    }
  }
}

Setup configuration

The IPsec 'config setup' section in ipsec.conf:

class { 'strongswan::setup':
  options => {
    'charondebug' => '"ike 2, knl 2, cfg 2"'
  }
}

License

MIT License


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.