oukooveu.libreswan

Ansible Role: Libreswan

This role installs the Libreswan IPsec server on RedHat/CentOS systems.

Requirements

No special requirements.

Role Variables

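You can set up IPsec connections by defining the following variables. The values shown are samples: replace the pre-shared key with a long random secret and keep it in Ansible Vault rather than in plain text.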

    ipsec_connections:
      test:
        local_gateway_ip: '172.16.100.17'    # Your local server IP
        remote_gateway_ip: '172.16.100.33'   # Remote server IP
        psk: 'test123'                       # Pre-shared key for connection
        options:
          leftsubnets: '192.168.17.0/24,192.168.220.0/24'  # Subnets on the local side
          rightsubnet: '192.168.18.0/24'     # Remote subnet
          authby: 'secret'                   # Authentication method
          auto: 'start'                      # Start automatically
          type: 'tunnel'                     # Connection type
          ikelifetime: '8h'                  # IKE lifetime
          keylife: '1h'                      # Key lifetime
          ike: 'aes128-sha1;modp1024'        # IKE encryption method
          phase2alg: 'aes128-sha1;modp1024'  # Phase 2 algorithm
          keyingtries: '%forever'            # Keying attempts
          keyexchange: 'ike'                 # Key exchange method
          dpddelay: '10'                     # DPD delay
          dpdtimeout: '30'                   # DPD timeout
          dpdaction: 'restart_by_peer'       # DPD action
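
A pre-deployment check for the variables above, added here as an example and not part of the role: it flags a short PSK and legacy tokens in the ike and phase2alg proposals of the resolved ipsec_connections values. The audit function, the token lists and the 32-character minimum are assumptions of this example, and the sample dict is constructed to mirror the test connection.

```python
import re

# Constructed sample mirroring the README's "test" connection (as a Python dict).
SAMPLE = {
    "test": {
        "psk": "test123",
        "options": {
            "authby": "secret",
            "ike": "aes128-sha1;modp1024",
            "phase2alg": "aes128-sha1;modp1024",
        },
    }
}

# Assumed policy for this example: proposal tokens treated as legacy.
WEAK_DH = {"modp1024", "modp1536", "dh2", "dh5"}
WEAK_ALGS = {"md5", "sha1", "3des"}
MIN_PSK_LEN = 32  # assumed minimum length for a randomly generated PSK


def audit(connections):
    """Return sorted (connection, field, issue) tuples for weak settings."""
    findings = set()
    for name, conn in connections.items():
        opts = conn.get("options", {})
        psk = conn.get("psk", "")
        # A PSK only matters when the connection authenticates by shared secret.
        if opts.get("authby") == "secret" and len(psk) < MIN_PSK_LEN:
            findings.add((name, "psk", "shorter than %d characters" % MIN_PSK_LEN))
        for field in ("ike", "phase2alg"):
            # Proposals are comma-separated; their parts are joined by '-', ';' or '+'.
            for token in re.split(r"[,;+\-]", opts.get(field, "").lower()):
                token = token.strip()
                if token in WEAK_DH:
                    findings.add((name, field, "weak DH group " + token))
                elif token in WEAK_ALGS:
                    findings.add((name, field, "legacy algorithm " + token))
    return sorted(findings)


if __name__ == "__main__":
    for name, field, issue in audit(SAMPLE):
        print("%s.%s: %s" % (name, field, issue))
```

Run it against the variables after templating, so that a vaulted PSK is checked by its real value rather than by the Jinja reference.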

Dependencies

No dependencies needed.

Example Playbook

Here’s how to use this role in a playbook:

    - hosts: servers
      roles:
         - libreswan

For more usage details, check the example here.

How to Test

  1. Install Vagrant and VirtualBox, plus pip and virtualenv (recommended).
  2. Add the 172.16.100.0/24 network to /etc/vbox/networks.conf.
  3. To run the tests, execute:

         python -m venv .venv
         . .venv/bin/activate
         pip install -r requirements.txt
         molecule test

License

This role is licensed under Apache 2.0.

Author Information

Created by Daniil Kupchenko (kupchenko@gmail.com).

About the project

libreswan server setup

Install

    ansible-galaxy install oukooveu.libreswan