[Build Status](https://travis-ci.org/BigYopy/puppet-openswan)
####Table of Contents
- Overview
- Setup - The basics of getting started with openswan
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
##Overview
This module is designed to set up a Candlepin server.
##Setup
###What openswan affects
- Installs and configures OpenSwan
- Creates VPN connections
###Setup requirements
- Enable IP Forwarding
###Beginning with openswan
```puppet
class { 'openswan': }
```
##Usage
###Install Openswan
```puppet
class { 'openswan': }
```
###Create a Site to Site VPN
```puppet
openswan::connection { 'site2site':
  ensure      => 'present',
  type        => 'tunnel',
  authby      => 'secret',
  left        => '%defaultroute',
  leftid      => '54.x.x.x',
  leftnexthop => '%defaultroute',
  leftsubnet  => '10.0.0.0/21',
  right       => '53.x.x.x',
  rightsubnet => '192.168.1.1/24',
  pfs         => 'yes',
  auto        => 'start',
}
```
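
A pre-flight check for the subnet and mode parameters of a site-to-site connection, written in Python so it can run before Puppet applies the resource. This is an added example, not code from the module: the function name `lint_connection` and the rules it enforces are assumptions, and the sample hash is copied from the connection shown above.

```python
import ipaddress

# Sample input: the parameters of the 'site2site' connection shown above.
SITE2SITE = {
    "type": "tunnel", "authby": "secret",
    "leftsubnet": "10.0.0.0/21", "rightsubnet": "192.168.1.1/24",
    "pfs": "yes",
}

def lint_connection(params):
    """Return a list of findings for one connection hash (empty means clean).

    The rules are assumptions of this sketch, not behaviour of the module.
    """
    findings = []
    nets = {}
    for key in ("leftsubnet", "rightsubnet"):
        value = params.get(key)
        if value is None:
            findings.append(f"{key}: missing")
            continue
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            findings.append(f"{key}: {value!r} is not a CIDR subnet")
            continue
        nets[key] = iface.network
        # A subnet should be written as its network address, not a host in it.
        if iface.ip != iface.network.network_address:
            findings.append(
                f"{key}: {value} has host bits set, use {iface.network}")
    if len(nets) == 2 and nets["leftsubnet"].overlaps(nets["rightsubnet"]):
        findings.append(
            "leftsubnet and rightsubnet overlap; hosts cannot route to the peer")
    if params.get("type", "tunnel") != "tunnel":
        findings.append(
            "type: transport mode does not carry subnet-to-subnet traffic")
    if params.get("pfs") != "yes":
        findings.append("pfs: Perfect Forward Secrecy is not enabled")
    return findings

if __name__ == "__main__":
    for finding in lint_connection(SITE2SITE):
        print(finding)
```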
##Reference
Performs a basic installation and configuration of Openswan.

Parameters within openswan:

- Enable NAT traversal support. Default: no
- Specify the networks that are allowed as subnet= for the remote client.
- Define which protocol stack is going to be used.
- Default: yes
- Connections files folder (*.conf). Default: /etc/ipsec.d/connection
- Secrets files folder (*.secrets). Default: /etc/ipsec.d/connection

Configures a VPN connection

Parameters within openswan::connection:

- Whether to create the connection or not. Default: present
- Set the IPsec mode to use. Default: tunnel
- Set how the two security gateways should authenticate each other
- Specify the IP address of openswan server public-network interface
- Specify how the left participant should be identified for authentication
- Specify the next-hop gateway IP address for the left server's connection to the public network
- Specify private subnet behind the left openswan server
- Specify multiple private subnets behind the left openswan server
- Specify the IP address of openswan server public-network interface
- Specify private subnet behind the right openswan server
- Specify multiple private subnets behind the right openswan server
- Enable Perfect Forward Secrecy of keys
- Default: ignore
- PSK key
- Internet Key Exchange
- Encapsulating Security Payload
- IPsec Key Exchange

##Limitations
##Development