# File 'manifests/config.pp', line 3
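# @summary Renders the libreswan configuration files and the paths they rely on.
#
# Private class: assert_private() rejects declarations made from outside this
# module. Every setting is read from the main `libreswan` class.
#
# @api private
class libreswan::config {
  assert_private()

  # Local copies of the main class parameters. Apart from $ipsecdir, $dumpdir
  # and $logfile they are not referenced again in this manifest; presumably the
  # ERB templates below read them from this scope -- confirm against the
  # templates before removing any of them.
  $myid                = $libreswan::myid
  $protostack          = $libreswan::protostack
  $interfaces          = $libreswan::interfaces
  $listen              = $libreswan::listen
  $ikeport             = $libreswan::ikeport
  $nflog_all           = $libreswan::nflog_all
  $nat_ikeport         = $libreswan::nat_ikeport
  $keep_alive          = $libreswan::keep_alive
  $virtual_private     = $libreswan::virtual_private
  $myvendorid          = $libreswan::myvendorid
  $nhelpers            = $libreswan::nhelpers
  $plutofork           = $libreswan::plutofork
  $crlcheckinterval    = $libreswan::crlcheckinterval
  $strictcrlpolicy     = $libreswan::strictcrlpolicy
  $ocsp_enable         = $libreswan::ocsp_enable
  $ocsp_strict         = $libreswan::ocsp_strict
  $ocsp_timeout        = $libreswan::ocsp_timeout
  $ocsp_uri            = $libreswan::ocsp_uri
  $ocsp_trustname      = $libreswan::ocsp_trustname
  $syslog              = $libreswan::syslog
  $klipsdebug          = $libreswan::klipsdebug
  $plutodebug          = $libreswan::plutodebug
  $uniqueids           = $libreswan::uniqueids
  $plutorestartoncrash = $libreswan::plutorestartoncrash
  $logfile             = $libreswan::logfile
  $logappend           = $libreswan::logappend
  $logtime             = $libreswan::logtime
  $ddos_mode           = $libreswan::ddos_mode
  # Spelling follows the parameter name on the main class; renaming it only
  # here would break the lookup.
  $ddos_ike_treshold   = $libreswan::ddos_ike_treshold
  $dumpdir             = $libreswan::dumpdir
  $statsbin            = $libreswan::statsbin
  $ipsecdir            = $libreswan::ipsecdir
  # NOTE(review): $secretsfile is only copied into scope. This class declares
  # no file resource for it, so its ownership and mode are not enforced here;
  # verify where the secrets file is managed.
  $secretsfile         = $libreswan::secretsfile
  $perpeerlog          = $libreswan::perpeerlog
  $perpeerlogdir       = $libreswan::perpeerlogdir
  $fragicmp            = $libreswan::fragicmp
  $hidetos             = $libreswan::hidetos
  $overridemtu         = $libreswan::overridemtu
  $block_cidrs         = $libreswan::block_cidrs
  $clear_cidrs         = $libreswan::clear_cidrs
  $clear_private_cidrs = $libreswan::clear_private_cidrs
  $private_cidrs       = $libreswan::private_cidrs
  $private_clear_cidrs = $libreswan::private_clear_cidrs

  # Main daemon configuration: readable by root only, and any change notifies
  # libreswan::service. The group is set explicitly so ownership does not
  # depend on whatever group the file already has, matching the policy files.
  file { '/etc/ipsec.conf':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    notify  => Class['libreswan::service'],
    content => template('libreswan/etc/ipsec.conf.erb'),
  }

  # Dump directory, restricted to root and created before the configuration
  # file is written.
  file { $dumpdir:
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
    before => File['/etc/ipsec.conf'],
  }

  # Policy group files, one per policy, rendered from the *_cidrs values.
  # They are world-readable (0644) and carry no notify, so a content change
  # does not signal libreswan::service from this class.
  # NOTE(review): confirm a class-level relationship elsewhere covers the
  # refresh, and that "${ipsecdir}/policies" exists before these are applied;
  # neither is established in this manifest.
  file { "${ipsecdir}/policies/block":
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('libreswan/etc/ipsec.d/policies/block.erb'),
  }

  file { "${ipsecdir}/policies/clear":
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('libreswan/etc/ipsec.d/policies/clear.erb'),
  }

  file { "${ipsecdir}/policies/clear-or-private":
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('libreswan/etc/ipsec.d/policies/clear_or_private.erb'),
  }

  file { "${ipsecdir}/policies/private":
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('libreswan/etc/ipsec.d/policies/private.erb'),
  }

  file { "${ipsecdir}/policies/private-or-clear":
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('libreswan/etc/ipsec.d/policies/private_or_clear.erb'),
  }

  # Only when a log file is configured: make sure it exists with root-only
  # permissions before the configuration that points at it is written.
  if $logfile {
    file { $logfile:
      ensure => 'file',
      owner  => 'root',
      group  => 'root',
      mode   => '0600',
      before => File['/etc/ipsec.conf'],
    }
  }
}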