
127 lines
2.0 KiB

# Class: ipsec
# ===========================
# Full description of class ipsec here.
# Parameters
# ----------
# Document parameters here.
# * `sample parameter`
# Explanation of what this parameter affects and what it defaults to.
# e.g. "Specify one or more upstream ntp servers as an array."
# Variables
# ----------
# Here you should define a list of variables that this module would require.
# * `sample variable`
# Explanation of how this variable affects the function of this class and if
# it has a default. e.g. "The parameter enc_ntp_servers must be set by the
# External Node Classifier as a comma separated list of hostnames." (Note,
# global variables should be avoided in favor of class parameters as
# of Puppet 2.6.)
# Examples
# --------
# @example
# class { 'ipsec':
# }
# Authors
# -------
# 7u83 <7u83@mail.ru>
# Copyright
# ---------
# Copyright 2018 7u83@mail.ru
class ipsec(
$version = 'latest',
$ikedaemon = undef
if $ikedaemon == undef {
case $::osfamily {
$ike_daemon = 'racoon'
$ike_daemon = 'isakmpd'
default: {
$ike_daemon = 'racoon'
else {
$ike_daemon = $ikedaemon
$res = "ipsec::${ike_daemon}"
class { "$res":
version => $version
define ipsec::tunnel (
$proto = "any",
$hash = 'sha256',
$encryption = 'aes256',
$lifetime = '86400',
$dh_group = 14,
include ::ipsec
$ikedaemon = $::ipsec::ike_daemon
$res = "ipsec::${ikedaemon}::tunnel"
Resource[$res] { "$title":
local_ip => $local_ip,
remote_ip => $remote_ip,
nets => $nets,
proto => $proto,
psk => $psk,
lifetime => $lifetime,
hash => $hash,
encryption => $encryption,
dh_group => 14,
define ipsec::transport (
$proto = "any",
include ::ipsec
$ikedaemon = $::ipsec::ike_daemon
$res = "ipsec::${ikedaemon}::transport"
Resource[$res] { "$title":
local_ip => $local_ip,
remote_ip => $remote_ip,
proto => $proto,
psk => $psk