Name: strongswanaws
Owner: Datadog, Inc.
Description: Private fork of https://github.com/flite/strongswanaws
Created: 2016-07-29 18:31:49.0
Updated: 2016-07-29 19:46:20.0
Pushed: 2016-08-02 18:59:53.0
Homepage: null
Size: 22
Language: Ruby
GitHub Committers

| User | Most Recent Commit | # Commits |
|---|---|---|

Other Committers

| User | Most Recent Commit | # Commits |
|---|---|---|
The StrongSwan AWS Cookbook creates an AWS-compatible IPSec tunnel on a node.
This cookbook works with StrongSwan, an open-source IPSec-based VPN solution.
It has been tested with StrongSwan 5.1.2, as packaged for Ubuntu.

| Distribution | Version |
|---|---|
| Ubuntu | 14.04 |
This cookbook does not depend on any other cookbooks.

This cookbook uses the following attributes.

| Key | Type | Description | Default |
|---|---|---|---|
| `['awsstrongswan']['debug']` | Boolean | Cause charon to log debug information | true |
| `['awsstrongswan']['tunnels']` | Array | Tunnels to which to connect | empty `[]` |
These attributes can be set as below.

`['awsstrongswan']['debug']`:

```json
"default_attributes": {
  "strongswanaws": {
    "debug": true
  }
}
```

`['awsstrongswan']['tunnels']`:

```json
"default_attributes": {
  "strongswanaws": {
    "tunnels": [
      {
        "name": "tunnel-to-other-vpc",
        "local_network": "10.10.0.0/16",
        "remote_network": "10.11.0.0/16",
        "tunnel_ip": "1.2.3.4"
      }
    ]
  }
}
```
This cookbook makes use of a data bag named `strongswanaws`. The data bag should contain a single item named `tunnel_keys`. The item `tunnel_keys` should look as shown below.

```json
{
  "id": "tunnel_keys",
  "key_configs": [
    {
      "name": "tunnel-to-other-vpc",
      "psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM",
      "source_ips": [
        "1.2.3.4"
      ]
    }
  ]
}
```

There may be zero or more tunnels in the `tunnel_keys` list.
This cookbook contains the following recipes.

- `strongswanaws::default` - This recipe is empty. It allows the cookbook to be included without running an action.
- `strongswanaws::server` - This recipe does the following.
  - Installs StrongSwan
  - Sets system-wide limits with sysctl
  - Runs Charon
  - Sets StrongSwan to start on boot
- `strongswanaws::tunnels` - This recipe does the following.
  - Writes PSKs to the secrets file
  - Configures tunnels to which StrongSwan will connect

Include the `server` recipe to only install StrongSwan and set system limits.

```json
"run_list": [
  "recipe[strongswanaws::server]"
]
```

Include both the `server` and `tunnels` recipes to configure StrongSwan to establish one or more IPSec sessions.

```json
"run_list": [
  "recipe[strongswanaws::server]",
  "recipe[strongswanaws::tunnels]"
]
```
`strongswanaws::connection` - Add an IPSec session for StrongSwan to establish

Parameters:

- `connection_name` - A string to label an IPSec session (name attribute)
- `local_network` - A CIDR-formatted network address (required)
- `remote_network` - A CIDR-formatted network address (required)
- `remote_gateway` - An IPv4 address (required)
- `startup_operation` - A string to indicate the desired initial state of the tunnel (one of 'add', 'route', 'start')

Example:

```ruby
strongswanaws_connection 'remote_tunnel' do
  connection_name 'remote_tunnel'
  local_network '10.10.0.0/16'
  remote_network '10.11.0.0/16'
  remote_gateway '1.2.3.4'
  startup_operation 'start'
end
```
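The following is an added example, not code from the strongswanaws cookbook or from Datadog's fork of it. It serves both the attributes and data bag sections above and the `strongswanaws::connection` resource: it cross-checks each entry of `['awsstrongswan']['tunnels']` against the `tunnel_keys` data bag item (reporting a tunnel with no PSK, a `tunnel_ip` that is not listed in `source_ips`, a subnet that is not in CIDR form, or a short PSK), then renders the `ipsec.secrets` lines and an `ipsec.conf` `conn` stanza such a tunnel would need. The sample tunnels and key are constructed; the `MIN_PSK_LENGTH` threshold, the `ipsec.secrets` selector form keyed by `tunnel_ip`, and the mapping of `startup_operation` onto strongSwan's `auto=` keyword are assumptions, not things the README states. Plain Ruby, no Chef client required.

```ruby
require 'ipaddr'
require 'json'

# Constructed sample input modelled on the README's fragments; the second
# tunnel deliberately has no entry in tunnel_keys so the validator reports it.
SAMPLE_TUNNELS = JSON.parse(<<~EOS)
  [{ "name": "tunnel-to-other-vpc", "local_network": "10.10.0.0/16",
     "remote_network": "10.11.0.0/16", "tunnel_ip": "1.2.3.4" },
   { "name": "tunnel-without-key", "local_network": "10.10.0.0/16",
     "remote_network": "10.12.0.0/16", "tunnel_ip": "5.6.7.8" }]
EOS

SAMPLE_TUNNEL_KEYS = JSON.parse(<<~EOS)
  { "id": "tunnel_keys",
    "key_configs": [{ "name": "tunnel-to-other-vpc", "source_ips": ["1.2.3.4"],
                      "psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM" }] }
EOS

MIN_PSK_LENGTH = 20                              # assumption: local policy
STARTUP_OPERATIONS = %w[add route start].freeze  # values the README lists

# Parses a CIDR network; nil when the text is not a valid network in prefix
# form (the README requires CIDR for both subnets).
def parse_cidr(text)
  return nil unless text.is_a?(String) && text.include?('/')
  IPAddr.new(text)
rescue ArgumentError
  nil
end

def valid_ipv4_host?(text)
  text.is_a?(String) && !text.include?('/') && IPAddr.new(text).ipv4?
rescue ArgumentError
  false
end

# Cross-checks one tunnel against its tunnel_keys entry (nil when missing)
# and returns a list of human-readable problems; an empty list means OK.
def tunnel_problems(tunnel, key_config)
  problems = []
  %w[local_network remote_network].each do |k|
    problems << "#{k} is not a CIDR network" unless parse_cidr(tunnel[k])
  end
  problems << 'tunnel_ip is not an IPv4 address' unless valid_ipv4_host?(tunnel['tunnel_ip'])
  if key_config.nil?
    problems << 'no PSK for this tunnel in the tunnel_keys data bag item'
  else
    psk = key_config['psk'].to_s
    problems << "psk shorter than #{MIN_PSK_LENGTH} characters" if psk.length < MIN_PSK_LENGTH
    unless Array(key_config['source_ips']).include?(tunnel['tunnel_ip'])
      problems << 'tunnel_ip is not listed in source_ips'
    end
  end
  problems
end

def key_configs_by_name(tunnel_keys)
  Array(tunnel_keys['key_configs']).map { |kc| [kc['name'], kc] }.to_h
end

# Returns { tunnel name => [problems] } for every tunnel in the attribute.
def validate_tunnels(tunnels, tunnel_keys)
  by_name = key_configs_by_name(tunnel_keys)
  tunnels.map { |t| [t['name'], tunnel_problems(t, by_name[t['name']])] }.to_h
end

# ipsec.secrets lines for tunnels that have a key. `<peer ip> : PSK "<secret>"`
# is strongSwan syntax; keying the entry by tunnel_ip is an assumption here.
def secrets_lines(tunnels, tunnel_keys)
  by_name = key_configs_by_name(tunnel_keys)
  tunnels.map do |t|
    kc = by_name[t['name']]
    kc && %(#{t['tunnel_ip']} : PSK "#{kc['psk']}")
  end.compact
end

# ipsec.conf conn stanza from strongswanaws_connection's parameters. Assumption:
# startup_operation maps onto strongSwan's auto= keyword (same three values).
def conn_stanza(connection_name:, local_network:, remote_network:,
                remote_gateway:, startup_operation:)
  unless STARTUP_OPERATIONS.include?(startup_operation)
    raise ArgumentError, "startup_operation must be one of #{STARTUP_OPERATIONS.join(', ')}"
  end
  raise ArgumentError, 'remote_gateway must be an IPv4 address' unless valid_ipv4_host?(remote_gateway)
  <<~CONF
    conn #{connection_name}
      left=%defaultroute
      leftsubnet=#{local_network}
      right=#{remote_gateway}
      rightsubnet=#{remote_network}
      auto=#{startup_operation}
  CONF
end

if __FILE__ == $PROGRAM_NAME
  p validate_tunnels(SAMPLE_TUNNELS, SAMPLE_TUNNEL_KEYS)
  puts secrets_lines(SAMPLE_TUNNELS, SAMPLE_TUNNEL_KEYS)
end
```

Running the file prints one problem list per tunnel name (an empty list for `tunnel-to-other-vpc`, a missing-PSK report for the constructed `tunnel-without-key`) followed by the single secrets line the first tunnel yields; wiring the same checks into a Chef recipe before the secrets file is written would turn a silent misconfiguration into a failed converge.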