nl2go.network_encryption

Ansible Role: Network Encryption

This Ansible Role controls network encryption for inventory hosts using IPsec and strongSwan.

Requirements

Name             Type            Version   Location
ansible-filter   Python package  1.0.0     Control node

Role Variables

Here are some important variables you can use, along with their default values (found in defaults/main.yml):

  • network_encryption_charon_port: 500
    Local UDP port. Set to 0 for a random port (see strongswan.conf).

  • network_encryption_port_nat_t: 4500
    Local UDP port for NAT-T. Set to 0 for a random port. Must be different from charon.port; otherwise, a random port will be used (see strongswan.conf).

  • Configuration examples:

  network_encryption_configs:
    - name: default
      psk: secret

Each configuration set requires a name for identification and a psk (pre-shared key). The psk authenticates every host attached to the set, so use a long, randomly generated value and keep it out of plaintext inventories (for example in an Ansible Vault-encrypted vars file) rather than a literal like the placeholder shown here.

  • Host configuration example:
  network_encryption_host_configs:
    - name: default

Attach hosts to a configuration set by specifying its name.

  • To detach a host:
  network_encryption_host_configs:
    - name: default
      state: absent

  • Define network interface:
  network_encryption_configs:
    - name: default
      interface: eth0
      psk: secret

If interface is not specified, it defaults to ansible_default_ipv4.interface.

  • Set connection parameters:
  network_encryption_configs:
    - name: default
      psk: secret
      params:
          lifetime: 8h

General parameters such as lifetime can be set in the params section (see ipsec.conf).

  • Default configuration parameters example:
  network_encryption_default_config_params:
    ike: aes256gcm16-prfsha384-modp4096,aes256gcm16-prfsha384-ecp384!
    esp: aes256gcm16-modp4096,aes256gcm16-ecp384!
    ...
    type: tunnel

These apply to every configuration set and can be overridden per set by the params in network_encryption_configs. The trailing ! on the ike and esp proposals tells strongSwan to accept only the listed algorithms (strict mode), and the DH group in the esp proposal (modp4096 or ecp384) makes each CHILD_SA rekey use fresh key material (perfect forward secrecy). If you redefine network_encryption_default_config_params yourself, note that Ansible replaces the whole dictionary rather than merging it, so keep the ike and esp lines you still want.

  • Specify custom configuration directory:
  network_encryption_config_dir: "/etc/ipsec.d/{{ role_name }}"

Tags

You can use tags to limit role execution to certain tasks. Available tags include:

  • network_encryption: Covers all role tasks.
  • network_encryption_install, install: Installs necessary packages.
  • network_encryption_config, config: Configures the required packages.

Dependencies

None.

Example Playbook

- hosts: all
  roles:
     - nl2go.network_encryption
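A fuller playbook, added here as an example (it is not part of the role's README or code), that wires the variables from the Role Variables section together: one configuration set with an explicit interface, a vaulted pre-shared key and a per-set lifetime, hosts attached to that set, hosts in a separate group detached from it, and a pre-task that refuses to run when any pre-shared key is shorter than 32 characters. The group name decommissioned and the variable vault_network_encryption_psk are assumptions for the example; the network_encryption_* names are the role's own. A YAML anchor reuses the same configuration list in both plays.

```yaml
# Added example, not the role's own code. Assumes an inventory group named
# "decommissioned" and a vault_network_encryption_psk variable stored in an
# Ansible Vault-encrypted vars file (both hypothetical).
- hosts: all:!decommissioned
  vars:
    network_encryption_configs: &network_encryption_configs
      - name: default
        # Omit interface to fall back to ansible_default_ipv4.interface.
        interface: eth0
        # Never put the literal key in the playbook; this variable name is an assumption.
        psk: "{{ vault_network_encryption_psk }}"
        params:
          # Overrides the lifetime from network_encryption_default_config_params
          # for this set only; the ike/esp proposals stay at the role defaults.
          lifetime: 8h
    # Attach every host in this play to the "default" set.
    network_encryption_host_configs:
      - name: default
  pre_tasks:
    # Runs before the role, so a weak key stops the play before any
    # strongSwan configuration is written.
    - name: Refuse weak pre-shared keys before anything is configured
      assert:
        that:
          - network_encryption_configs | map(attribute='psk') | map('length') | min >= 32
        fail_msg: every psk in network_encryption_configs must be at least 32 characters
  roles:
    - nl2go.network_encryption

# Hosts leaving the mesh: same configuration sets, but detached from "default".
- hosts: decommissioned
  vars:
    network_encryption_configs: *network_encryption_configs
    network_encryption_host_configs:
      - name: default
        state: absent
  roles:
    - nl2go.network_encryption
```

Run it with `ansible-playbook --ask-vault-pass site.yml` (or `--vault-password-file`) so the vaulted key is available; the assert in pre_tasks fails fast on the control node's view of the variables, before the role touches any host.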

Development

Use docker-molecule as per the instructions to run Molecule, or install Molecule locally (not recommended due to potential version conflicts).

To run tests, use:

molecule test --all

Maintainers

License

Check the LICENSE.md file for details.

Author Information

This role was created in 2019 by Newsletter2Go GmbH.

Project information

Manage network encryption between inventory hosts based on [IPsec](https://de.wikipedia.org/wiki/IPsec) / [strongSwan](https://www.strongswan.org/).

Install
ansible-galaxy install nl2go.network_encryption
License
mit
Downloads
5.4k
Owner