libreswan

Module to configure libreswan

16,264 downloads

2,397 latest version

5.0 quality score

Version information

  • 0.2.3 (latest)
  • 0.2.2
  • 0.2.1
  • 0.2.0
released Aug 20th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0

Start using this module

Add this module to your Puppetfile:

mod 'abaranov-libreswan', '0.2.3'

Add this module to your Bolt project:

bolt module add abaranov-libreswan

Manually install this module globally with Puppet module tool:

puppet module install abaranov-libreswan --version 0.2.3

Documentation

abaranov/libreswan — version 0.2.3 Aug 20th 2021

libreswan

Table of Contents

  1. Overview
  2. Setup
  3. Usage
  4. Reference
  5. Limitations

Overview

This module installs and configures libreswan, a free software implementation of the most widely supported and standardized VPN protocol, based on IPsec and the Internet Key Exchange (IKE).

Setup

For basic use, include the libreswan class in the manifest:

class { 'libreswan': } 

Usage

To configure ipsec options (the config setup section of the ipsec.conf file), use the ipsec_config hash:

$ipsec_config = {
  <key>       => <value>,
}

class {'libreswan':
  ipsec_config => $ipsec_config,
}

To manage an ipsec connection, use the libreswan::conn defined type. Define the connections as data:

libreswan::conns:
  snt:
    left: 10.11.11.1
    leftsubnet: 10.0.1.0/24
    leftnexthop: 172.16.55.66
    leftsourceip: 10.0.1.1
    right: 192.168.22.1
    rightsubnet: 10.0.2.0/24
    rightnexthop: 172.16.88.99
    rightsourceip: 10.0.2.1
    keyingtries: '%forever'

Then use the create_resources function to create the connections:

create_resources('libreswan::conn', $conns)

To manage ipsec secrets the libreswan::secret type is used:

libreswan::secrets:
  'conn1':
    ensure: 'present'
    id: '10.0.0.1 192.168.0.1'
    type: 'PSK'
    secret: 'test'
  'conn2':
    ensure: 'present'
    type: RSA
    secret:
      PublicExponent: 0x03
      PrivateExponent: 0x316e6593...
      Prime1: 0x316e6593...
      Prime2: 0x316e6593...
      Exponent1: 0x316e6593...
      Exponent2: 0x316e6593...
      Coefficient: 0x316e6593...
      CKAIDNSS: 0x316e6593...

Then use the create_resources function to create the secrets:

create_resources('libreswan::secret', $secrets)
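
The usage steps above combined into one manifest, as an added example that is not part of the module's documentation. It assumes the connection and secret hashes live in Hiera under the keys shown above; the class name profile::vpn and the config setup values are constructed for illustration.

```puppet
# Added example, not the module author's code.
# profile::vpn is a hypothetical wrapper class.
class profile::vpn {
  # Rendered into the 'config setup' section of /etc/ipsec.conf.
  # The option names are libreswan settings; the values are samples.
  $ipsec_config = {
    'logfile'    => '/var/log/pluto.log',
    'plutodebug' => 'none',
    'uniqueids'  => 'yes',
  }

  class { 'libreswan':
    ipsec_config => $ipsec_config,
  }

  # Read the hashes from Hiera. The 'hash' merge strategy combines
  # definitions from several hierarchy levels; {} is the default
  # when a node defines no tunnels.
  $conns = lookup('libreswan::conns', Hash, 'hash', {})

  # PSK and RSA private values are key material. Keep them in an
  # encrypted Hiera backend (hiera-eyaml, for instance) instead of
  # plain YAML; lookup() then returns the decrypted value.
  $secrets = lookup('libreswan::secrets', Hash, 'hash', {})

  # One libreswan::conn resource per key of $conns.
  create_resources('libreswan::conn', $conns)

  # The defined type listed in the Reference is libreswan::secret.
  create_resources('libreswan::secret', $secrets)
}
```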

Reference

libreswan

[ensure]

The state of the puppet resources within that module

Type: Variant[Boolean, Enum['present','absent']]

Default: present

[package_name]

The name of the package that provides libreswan

Type: String

Default: libreswan

[package_ensure]

The state of the libreswan package in the system

Type: Variant[Boolean, Enum['installed', 'latest']]

Default: installed

[service_name]

The name of the service that provides ipsec

Type: String

Default: ipsec

[service_ensure]

The state of the libreswan service in the system

Type: Variant[Boolean, Enum['stopped', 'running']]

Default: running

[service_enable]

Define if the service is started during the boot process

Type: Variant[Boolean, Enum['manual','mask']]

Default: true

[manage_service]

Define if Puppet manages the service for you

Type: Boolean

Default: true

[config]

Absolute path to the ipsec.conf file

Type: Pattern['^\/']

Default: /etc/ipsec.conf

[configdir]

Absolute path to the ipsec.d directory

Type: Pattern['^\/']

Default: /etc/ipsec.d

[config_secrets]

Absolute path to the ipsec.secrets file

Type: Pattern['^\/']

Default: /etc/ipsec.secrets

[purge_configdir]

Whether to remove all unmanaged files from configdir

Type: Boolean

Default: false

libreswan::conn

[ensure]

The state of the connection file

Type: Variant[Boolean, Enum['present','absent']]

Default: Present

[options]

The Hash of ipsec connection options

Type: hash

libreswan::secret

[ensure]

The state of the connection secret file

Type: Variant[Boolean, Enum['present','absent']]

Default: Present

[secret]

The secret for ipsec connection

Type: Variant[String,Hash]

[id]

The connection id identifying which connection the secret is for

Type: Optional[String]

[type]

The secret type

Type: Enum['PSK','XAUTH','RSA']

Default: PSK

[options]

The Hash of ipsec connection options

Type: hash

Limitations

Puppet4