puppet-libreswan's Introduction

libreswan

Table of Contents

  1. Overview
  2. Setup
  3. Usage
  4. Reference
  5. Limitations

Overview

This module installs and configures libreswan, a free software implementation of the most widely supported and standardized VPN protocol, based on IPsec and the Internet Key Exchange (IKE).

Setup

For basic use, include the libreswan class in the manifest:

class { 'libreswan': } 

Usage

To configure ipsec options (the config setup section of the ipsec.conf file), use the ipsec_config hash:

$ipsec_config = {
  <key>       => <value>,
}

class {'libreswan':
  ipsec_config => $ipsec_config,
}

To manage ipsec connections, use the libreswan::conn defined type. Define the connections as a hash (shown here as YAML data):

libreswan::conns:
  snt:
    left: 10.11.11.1
    leftsubnet: 10.0.1.0/24
    leftnexthop: 172.16.55.66
    leftsourceip: 10.0.1.1
    right: 192.168.22.1
    rightsubnet: 10.0.2.0/24
    rightnexthop: 172.16.88.99
    rightsourceip: 10.0.2.1
    keyingtries: '%forever'

Then use the create_resources function to create the connections:

create_resources('libreswan::conn', $conns)

To manage ipsec secrets the libreswan::secret type is used:

libreswan::secrets:
  'conn1':
    ensure: 'present'
    id: '10.0.0.1 192.168.0.1'
    type: 'PSK'
    secret: 'test'
  'conn2':
    ensure: 'present'
    type: RSA
    secret:
      PublicExponent: 0x03
      PrivateExponent: 0x316e6593...
      Prime1: 0x316e6593...
      Prime2: 0x316e6593...
      Exponent1: 0x316e6593...
      Exponent2: 0x316e6593...
      Coefficient: 0x316e6593...
      CKAIDNSS: 0x316e6593...

Then use the create_resources function to create the secrets:

create_resources('libreswan::secret', $secrets)
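
An added example, not part of the module: a Ruby check that could run in CI over Hiera data shaped like the libreswan::secrets hash above and flags pre-shared keys that are short or commonly guessed, such as the 'test' placeholder. The function name, the 20-character minimum, the weak-word list and the sample data are assumptions of this example.

```ruby
require 'yaml'

# Constructed sample mirroring the README's libreswan::secrets layout.
SAMPLE_HIERA = <<~YAML
  libreswan::secrets:
    conn1:
      ensure: present
      id: '10.0.0.1 192.168.0.1'
      type: PSK
      secret: 'test'
    conn2:
      ensure: present
      id: '10.0.0.2 192.168.0.2'
      secret: 'k3Vq9mZ0xTr7Lb2NfYw8HsJc4PdGa6Eu'
    conn3:
      ensure: absent
      type: PSK
      secret: 'changeme'
YAML

MIN_PSK_LENGTH = 20                                        # assumption: local policy
WEAK_WORDS = %w[test secret password changeme psk].freeze  # assumption: sample list

# Returns { name => [problems] } for every PSK secret that is not
# marked absent and fails the policy above.
def weak_psks(hiera_yaml, key = 'libreswan::secrets')
  secrets = YAML.safe_load(hiera_yaml).fetch(key, {})
  secrets.each_with_object({}) do |(name, params), findings|
    next if params['ensure'].to_s == 'absent'
    # The README documents PSK as the default secret type.
    next unless (params['type'] || 'PSK') == 'PSK'

    secret = params['secret']
    unless secret.is_a?(String)
      findings[name] = ['PSK secret is not a string']
      next
    end
    problems = []
    problems << "shorter than #{MIN_PSK_LENGTH} characters" if secret.length < MIN_PSK_LENGTH
    problems << 'matches a common placeholder' if WEAK_WORDS.include?(secret.downcase)
    problems << 'uses fewer than 8 distinct characters' if secret.chars.uniq.size < 8
    findings[name] = problems unless problems.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  weak_psks(SAMPLE_HIERA).each { |name, problems| puts "#{name}: #{problems.join('; ')}" }
end
```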

Reference

libreswan

[ensure]

The state of the puppet resources within this module

Type: Variant[Boolean, Enum['present','absent']]

Default: present

[package_name]

The name of the package that provides libreswan

Type: String

Default: libreswan

[package_ensure]

The state of the libreswan package in the system

Type: Variant[Boolean, Enum['installed', 'latest']]

Default: installed

[service_name]

The name of the service that provides ipsec

Type: String

Default: ipsec

[service_ensure]

The state of the libreswan service in the system

Type: Variant[Boolean, Enum['stopped', 'running']]

Default: running

[service_enable]

Defines whether the service is started during the boot process

Type: Variant[Boolean, Enum['manual','mask']]

Default: true

[manage_service]

Defines whether Puppet manages the service for you

Type: Boolean

Default: true

[config]

Absolute path to the ipsec.conf file

Type: Pattern['^/']

Default: /etc/ipsec.conf

[configdir]

Absolute path to the ipsec.d directory

Type: Pattern['^/']

Default: /etc/ipsec.d

[config_secrets]

Absolute path to the ipsec.secrets file

Type: Pattern['^/']

Default: /etc/ipsec.secrets

[purge_configdir]

Whether to remove all unmanaged files from configdir

Type: Boolean

Default: false

libreswan::conn

[ensure]

The state of the connection file

Type: Variant[Boolean, Enum['present','absent']]

Default: present

[options]

The Hash of ipsec connection options

Type: Hash

libreswan::secret

[ensure]

The state of the connection secret file

Type: Variant[Boolean, Enum['present','absent']]

Default: present

[secret]

The secret for ipsec connection

Type: Variant[String,Hash]

[id]

The connection id that identifies which connection the secret is for

Type: Optional[String]

[type]

The secret type

Type: Enum['PSK','XAUTH','RSA']

Default: PSK

[options]

The Hash of ipsec connection options

Type: Hash

Limitations

Puppet4

puppet-libreswan's People

Contributors

spacedog, jhaezebr
