7u83-ipsec/manifests/isakmpd.pp


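# Class: ipsec::isakmpd
#
# Installs the isakmpd package (only when $pkg_name is not false) and deploys
# the client private key, the CA certificate and the client certificate under
# /etc/isakmpd, each with mode 0600.
#
# Parameters:
#   $version - passed to the package resource as `ensure`. Defaults to
#              'latest', which lets the agent upgrade the IKE daemon whenever
#              the provider offers a newer package; pass an explicit version
#              where upgrades must go through change control.
#
# Variables read but not defined here:
#   $pkg_name, $pkg_provider - unqualified; presumably supplied by the
#                              inherited ipsec::isakmpd_params (confirm).
#   $ipsec::client_key, $ipsec::ca_cert, $ipsec::client_cert - file sources
#                              taken from the ipsec class.
class ipsec::isakmpd (
  $version = 'latest'
) inherits ipsec::isakmpd_params {

  if $pkg_name != false {
    # if $pkg_provider_p != false {
    #   $provider = $pkg_provider_p
    # }
    # else {
    #   $provider = $pkg_provider
    # }
    package { 'isakmpd':
      # $version was previously declared but never applied to the package.
      ensure   => $version,
      name     => $pkg_name,
      provider => $pkg_provider,
    }
  }

  # NOTE(review): the concat resource for $ipsec_conf below is commented out,
  # yet ipsec::isakmpd::tunnel still adds fragments to that target. Confirm the
  # target is declared elsewhere and keeps mode 0600, since the fragments carry
  # the tunnel configuration.
  # concat { "$ipsec_conf":
  #   mode => '0600'
  #
  # }
  # concat::fragment { "ipsec_conf_header":
  #   target  => "$ipsec_conf",
  #   order   => '00',
  #   content => template('ipsec/isakmpd_ipsec_conf_header.erb'),
  # }
  # exec { "$setkey_cmd":
  #   subscribe   => Concat[ "$ipsec_conf" ],
  #   refreshonly => true
  # }

  # Client private key.
  # NOTE(review): owner and group are not managed, so an existing file keeps
  # whatever ownership it already has; confirm it is owned by the account
  # isakmpd runs as. If the agent's show_diff setting is enabled, also consider
  # `show_diff => false` here (check it is supported by the Puppet version in
  # use) so key material never reaches logs or reports.
  file { '/etc/isakmpd/private/openbsda.pem':
    source => $ipsec::client_key,
    mode   => '0600',
    # Do not keep a copy of a replaced private key in the filebucket.
    backup => false,
  }

  # CA certificate used to validate peers.
  file { '/etc/isakmpd/certs/ca.pem':
    source => $ipsec::ca_cert,
    mode   => '0600',
  }

  # Client certificate matching the private key above.
  file { '/etc/isakmpd/certs/openbsda.pem':
    source => $ipsec::client_cert,
    mode   => '0600',
  }
}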
# Define: ipsec::isakmpd::tunnel
#
# Adds one concat fragment, rendered from the ipsec/isakmpd_tunnel.erb
# template, to the target named by $::ipsec::isakmpd_params::ipsec_conf, and
# emits a notify message containing the resource title and that path.
#
# Parameters ($proto defaults to 'any'; every other parameter is required):
#   $local_ip, $remote_ip, $nets, $proto, $psk, $lifetime, $hash,
#   $encryption, $dh_group
# None of them is referenced in this manifest; presumably the template reads
# them from scope (confirm against isakmpd_tunnel.erb).
#
# NOTE(review): $psk is an ordinary parameter, so the pre-shared key is part
# of the compiled catalog and, if the template uses it, of the fragment
# content. The permissions of the assembled file come from the concat
# resource for the target, which is not declared in the visible part of this
# file (the declaration in ipsec::isakmpd is commented out); confirm it exists
# and is not readable by other users.
# NOTE(review): the notify resource reports a change on every agent run and
# looks like leftover debugging output; confirm it is still wanted.
# NOTE(review): $proto is an optional parameter listed before required ones;
# parameters are passed by name, so this affects style only.
define ipsec::isakmpd::tunnel (
  $local_ip,
  $remote_ip,
  $nets,
  $proto = 'any',
  $psk,
  $lifetime,
  $hash,
  $encryption,
  $dh_group,
) {

  notify { "${title}: ${::ipsec::isakmpd_params::ipsec_conf}": }

  concat::fragment { $title:
    target  => $::ipsec::isakmpd_params::ipsec_conf,
    content => template('ipsec/isakmpd_tunnel.erb'),
  }
}