6 changed files with 140 additions and 45 deletions
-
9templates/racoon/ipsec.conf.transport.erb
-
79templates/racoon/racoon-transport.conf.erb
-
26templates/racoon/racoon.conf.footer.erb
-
20templates/racoon/racoon.conf.header.erb
-
34templates/racoon/remote.erb
-
17templates/racoon/sainfo.erb
@ -1,32 +1,65 @@ |
|||
# |
|||
# remote $title |
|||
# IPSec Transpoty <%= @title %> |
|||
# |
|||
<%- |
|||
if @local_ip == "anonymous" |
|||
local = "anonymous" |
|||
lport = "" |
|||
proto = "" |
|||
else |
|||
local = "address "+@local_ip |
|||
if @local_port |
|||
lport="["+@local_port+"]" |
|||
else |
|||
lport="" |
|||
end |
|||
proto = " "+@proto |
|||
end |
|||
|
|||
@salifetime = @lifetime ? @lifetime : "3600 " |
|||
@saencryption = @encryption ? @encryption : @encryption |
|||
@pfs_group = @pfs_group ? @pfs_group : @dh_group |
|||
@port = 'any' -%> |
|||
|
|||
sainfo <%= local %><%=lport%><%= proto %> address <%= @remote_ip %> <%= @proto %> |
|||
{ |
|||
<%- if @pfs_group -%> |
|||
pfs_group <%-= @pfs_group -%>; |
|||
<%- end -%> |
|||
encryption_algorithm <%= @encryption.join(",") %>; |
|||
<%- komma="" -%> |
|||
authentication_algorithm <%- @hash.each do |hmalgo| -%><%=komma -%>hmac_<%= hmalgo -%> <%- komma=',' -%> <%- end -%>; |
|||
compression_algorithm deflate; |
|||
lifetime time <%= @lifetime %> sec; |
|||
} |
|||
|
|||
|
|||
#remote <%= @remote_ip %> { |
|||
# exchange_mode main; |
|||
# proposal { |
|||
# encryption_algorithm <%= @encryption.join(",") %>; |
|||
# hash_algorithm <%= @hash %>; |
|||
# dh_group <%= @dh_group %>; |
|||
# lifetime time <%= @lifetime %> sec; |
|||
# authentication_method pre_shared_key; |
|||
# } |
|||
# # generate_policy on; |
|||
#} |
|||
|
|||
<%if @p1_proposals %> |
|||
remote <%= @remote_ip %> { |
|||
exchange_mode main; |
|||
proposal { |
|||
encryption_algorithm <%= @encryption.join(",") %>; |
|||
hash_algorithm <%= @hash %>; |
|||
dh_group <%= @dh_group %>; |
|||
lifetime time <%= @lifetime %> sec; |
|||
generate_policy on; |
|||
|
|||
<%- @p1_proposals.each do |p| -%> |
|||
proposal { |
|||
encryption_algorithm <%= p['encryption'] %>; |
|||
hash_algorithm <%= p['hash'] %>; |
|||
authentication_method pre_shared_key; |
|||
dh_group <%= p['dh_group'] %>; |
|||
} |
|||
# generate_policy on; |
|||
} |
|||
|
|||
<%- @salifetime = @lifetime ? @lifetime : "3600 " %> |
|||
<%- @saencryption = @encryption ? @encryption : @encryption %> |
|||
<%- @pfs_group = @pfs_group ? @pfs_group : @dh_group %> |
|||
<%- @port = 'any' -%> |
|||
|
|||
|
|||
sainfo address <%= @local_ip %> <%= @proto %> address <%= @remote_ip %> <%= @proto %> |
|||
{ |
|||
pfs_group <%= @pfs_group %>; |
|||
encryption_algorithm <%= @encryption.join(",") %>; |
|||
<%- @komma="" -%> |
|||
authentication_algorithm <%- @p2hash.each do |hmalgo| -%><%=@komma -%>hmac_<%= hmalgo -%> <%- @komma=',' -%> <%- end -%>; |
|||
compression_algorithm deflate; |
|||
lifetime time <%= @lifetime %> sec; |
|||
<%- end -%> |
|||
} |
|||
<% end %> |
|||
|
|||
|
@ -0,0 +1,26 @@ |
|||
<%if @default_proposals %> |
|||
remote anonymous { |
|||
exchange_mode main; |
|||
generate_policy on; |
|||
|
|||
<%- @default_proposals.each do |p| -%> |
|||
proposal { |
|||
encryption_algorithm <%= p['encryption'] %>; |
|||
hash_algorithm <%= p['hash'] %>; |
|||
authentication_method pre_shared_key; |
|||
dh_group <%= p['dh_group'] %>; |
|||
} |
|||
<%- end -%> |
|||
} |
|||
<% end %> |
|||
|
|||
<% if false %> |
|||
#sainfo anonymous{ |
|||
# pfs_group 2; |
|||
# encryption_algorithm aes_256; |
|||
# authentication_algorithm hmac_md5; |
|||
# compression_algorithm deflate; |
|||
#} |
|||
|
|||
<% end %> |
|||
|
@ -0,0 +1,34 @@ |
|||
# |
|||
# Remote definition <%= @title %> |
|||
# |
|||
<%- |
|||
if not @psk |
|||
auth_method = 'rsasig' |
|||
myid = 'asn1dn' |
|||
else |
|||
auth_method = 'pre_shared_key' |
|||
myid = false |
|||
end |
|||
-%> |
|||
remote <%= @remote_id %> { |
|||
exchange_mode <%= @exchange_mode %>; |
|||
generate_policy <%= @generate_policy %>; |
|||
|
|||
<%- if not @psk -%> |
|||
certificate_type x509 "<%= @client_cert -%>" "<%= @client_key %>"; |
|||
ca_type x509 "<%= @ca_cert %>"; |
|||
<%- end -%> |
|||
<%- if myid -%> |
|||
my_identifier asn1dn; |
|||
<%- end -%> |
|||
|
|||
<%- @proposals.each do |p| -%> |
|||
proposal { |
|||
encryption_algorithm <%= p['encryption'] %>; |
|||
hash_algorithm <%= p['hash'] %>; |
|||
dh_group <%= p['dh_group'] %>; |
|||
authentication_method <%= auth_method %>; |
|||
} |
|||
<%- end -%> |
|||
} |
|||
|
@ -0,0 +1,17 @@ |
|||
# |
|||
# |
|||
# |
|||
|
|||
sainfo <%= @saparam %> |
|||
{ |
|||
<%- if @pfs_group -%> |
|||
pfs_group <%= @pfs_group -%>; |
|||
<%- end -%> |
|||
encryption_algorithm <%= @encryption.join(",") -%>; |
|||
<%- komma="" -%> |
|||
authentication_algorithm <%- @hash.each do |hmalgo| -%><%=komma -%>hmac_<%= hmalgo -%> <%- komma=',' -%> <%- end -%>; |
|||
compression_algorithm deflate; |
|||
lifetime time <%= @lifetime %> sec; |
|||
} |
|||
|
|||
|