Name: strongswanaws
Owner: Datadog, Inc.
Description: Private fork of https://github.com/flite/strongswanaws
Created: 2016-07-29 18:31:49.0
Updated: 2016-07-29 19:46:20.0
Pushed: 2016-08-02 18:59:53.0
Homepage: null
Size: 22
Language: Ruby
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
The StrongSwan AWS Cookbook creates an AWS-compatible IPSec tunnel on a node.
This cookbook works with StrongSwan, an open-source IPSec-based VPN solution.
It has been tested with StrongSwan 5.1.2, as packaged for Ubuntu.
---------------------.
stribution | Version |
---------------------|
untu | 14.04 |
---------------------'
This cookbook does not depend on any other cookbooks.
This cookbook uses the following attributes.
----------------------------------------------------------------------------------------.
y | Type | Description | Default |
----------------------------------------------------------------------------------------|
awsstrongswan']['debug'] | Boolean | Cause charon to log debug information | true |
awsstrongswan']['tunnels'] | Array | Tunnels to which to connect | empty [] |
----------------------------------------------------------------------------------------'
These attributes can be set as below.
['awsstrongswan']['debug']:
ault_attributes": {
trongswanaws": {
"debug": true
['awsstrongswan']['tunnels']:
ault_attributes": {
trongswanaws": {
"tunnels": [
{
"name": "tunnel-to-other-vpc",
"local_network": "10.10.0.0/16",
"remote_network": "10.11.0.0/16",
"tunnel_ip": "1.2.3.4"
}
]
This cookbook makes use of a data bag named strongswanaws.
The data bag should contain a single item named tunnel_keys.
The item tunnel_keys should look as shown below.
d": "tunnel_keys",
ey_configs": [
{
"name": "tunnel-to-other-vpc",
"psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM",
"source_ips": [
"1.2.3.4"
]
}
There may be zero or more tunnels in the tunnel_keys list.
This cookbook contains the following recipes.
strongswanaws::default - This recipe is empty. It allows the cookbook to be included without running an action.
strongswanaws::server - This recipe does the following.
Installs StrongSwan
Sets system-wide limits with sysctl
Runs Charon
Sets StrongSwan start on boot
strongswanaws::tunnels - This recipe does the following.
Writes PSK's to the secrets file
Configures tunnels to which StrongSwan will connect
Include the server recipe to only install StrongSwan and set system limits.
_list": [
ecipe[strongswanaws::server]"
Include both server and tunnels recipes to configure StrongSwan to establish one or more IPSec sessions.
_list": [
ecipe[strongswanaws::server]",
ecipe[strongswanaws::tunnels]",
strongswanaws::connection - Add an IPSec session for StrongSwan to establish
Parameters:
connection_name - A string to label an IPSec session (name attribute)local_network - A CIDR-formatted network address (required)remote_network - A CIDR-formatted network address (required)remote_gateway - An IPv4 address (required)startup_operation - A string to indicate the desired initial state of the tunnel (one of 'add', 'route', 'start')Example:
ngswanaws_connection 'remote_tunnel' do
nnection_name 'remote_tunnel'
cal_network '10.10.0.0/16'
mote_network '10.11.0.0/16'
mote_gateway '1.2.3.4'
artup_operation 'start'