##
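# Installs the isakmpd package (when a package name is set) and deploys the
# private key, CA certificate and client certificate under /etc/isakmpd.
#
# Parameters:
#   $version - accepted but never referenced in this class: the package
#              resource below sets no `ensure`, so the value has no effect.
#
# $pkg_name and $pkg_provider are not defined in this class; presumably they
# come from ipsec::isakmpd_params through `inherits` - confirm there.
class ipsec::isakmpd (
  $version = 'latest'
) inherits ipsec::isakmpd_params {

  # A $pkg_name of false skips package management entirely.
  if $pkg_name != false {
#    if $pkg_provider_p != false {
#      $provider = $pkg_provider_p
#    }
#    else {
#      $provider = $pkg_provider
#    }

    package { 'isakmpd':
      name     => $pkg_name,
      provider => $pkg_provider,
    }
  }

  # NOTE(review): with the concat resource below disabled, nothing in this
  # class sets the mode of $ipsec_conf, yet ipsec::isakmpd::tunnel adds
  # fragments to that target and takes a $psk parameter. Confirm the target is
  # declared elsewhere with a mode that keeps it unreadable to other users.
#  concat { "$ipsec_conf":
#    mode => '0600'
#
#  }

#  concat::fragment { "ipsec_conf_header":
#    target  => "$ipsec_conf",
#    order   => '00',
#    content => template('ipsec/isakmpd_ipsec_conf_header.erb'),
#
#  }

#  exec { "$setkey_cmd":
#    subscribe   => Concat[ "$ipsec_conf" ],
#    refreshonly => true
#  }

  # Private key: pin the owner as well as the mode, so an existing file owned
  # by another account is corrected instead of staying readable by it.
  # NOTE(review): if $ipsec::client_key is a puppet:/// URL, the key is handed
  # out by the Puppet file server - confirm that mount is limited to the nodes
  # that need this key.
  file { '/etc/isakmpd/private/openbsda.pem':
    owner  => 'root',
    mode   => '0600',
    source => $ipsec::client_key,
  }

  # Modes are written as four-digit octal strings; '0600' is the same
  # permission set as the previous '600'.
  file { '/etc/isakmpd/certs/ca.pem':
    mode   => '0600',
    source => $ipsec::ca_cert,
  }

  file { '/etc/isakmpd/certs/openbsda.pem':
    mode   => '0600',
    source => $ipsec::client_cert,
  }

}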
# Adds one fragment, rendered from the ipsec/isakmpd_tunnel.erb template, to
# the concat target named by $::ipsec::isakmpd_params::ipsec_conf, and emits a
# notify showing the resource title and that target path.
#
# None of the parameters is referenced in this body; presumably the template
# reads them from scope - confirm against isakmpd_tunnel.erb.
#
# NOTE(review): $psk looks like a pre-shared key. If the template writes it
# into the fragment, the target file holds a secret and should not be readable
# by other users - confirm where the target's mode is set. The notify below
# does not include $psk.
define ipsec::isakmpd::tunnel (
  $local_ip,
  $remote_ip,
  $nets,
  $proto = 'any',
  $psk,
  $lifetime,
  $hash,
  $encryption,
  $dh_group,
) {

  # Message-only resource: reports which target this tunnel is written to.
  notify { "${title}: ${::ipsec::isakmpd_params::ipsec_conf}": }

  concat::fragment { "${title}":
    content => template('ipsec/isakmpd_tunnel.erb'),
    target  => "${::ipsec::isakmpd_params::ipsec_conf}",
  }

}