

Module to configure libreswan


2,165 latest version

5.0 quality score


Version information

  • 0.2.3 (latest)
  • 0.2.2
  • 0.2.1
  • 0.2.0
released Aug 20th 2021
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'abaranov-libreswan', '0.2.3'

Add this module to your Bolt project:

bolt module add abaranov-libreswan

Manually install this module globally with Puppet module tool:

puppet module install abaranov-libreswan --version 0.2.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



abaranov/libreswan — version 0.2.3 Aug 20th 2021

libreswan

Table of Contents

  1. Overview
  2. Setup
  3. Usage
  4. Reference
  5. Limitations


This module installs and configures libreswan, a free software implementation of the most widely supported and standardized VPN protocol, based on IPsec and the Internet Key Exchange ("IKE").


For basic use, include the libreswan class in the manifest:

class { 'libreswan': } 


To configure ipsec options (the config setup section of the ipsec.conf file), use the ipsec_config hash:

$ipsec_config = {
  <key>       => <value>,
}

class { 'libreswan':
  ipsec_config => $ipsec_config,
}

To manage an ipsec connection, use the libreswan::conn defined type:

    keyingtries: %forever

Then use the create_resources function to create the connection:

create_resources('libreswan::conn', $conns)

To manage ipsec secrets the libreswan::secret type is used:

    ensure: 'present'
    id: ''
    type: 'PSK'
    secret: 'test'
    ensure: 'present'
    type: RSA
      PublicExponent: 0x03
      PrivateExponent: 0x316e6593...
      Prime1: 0x316e6593...
      Prime2: 0x316e6593...
      Exponent1: 0x316e6593...
      Exponent2: 0x316e6593...
      Coefficient: 0x316e6593...
      CKAIDNSS: 0x316e6593...
create_resources('libreswan::secrets', $secrets)
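
A pre-flight check for the secrets hash, as an added example that is not part of the module or its README: it mirrors the parameter types listed in the Reference section and flags placeholder-length PSKs such as the 'test' value above. The resource titles, the MIN_PSK_LEN threshold and the rule that RSA secrets are hashes while PSK secrets are strings are assumptions.

```python
# Added example: pre-flight check of a secrets hash before create_resources.
# Rules mirror the types in this page's Reference section; MIN_PSK_LEN and the
# "RSA secret is a hash, PSK secret is a string" rule are assumptions.
ALLOWED_ENSURE = (True, False, "present", "absent")
ALLOWED_TYPES = ("PSK", "XAUTH", "RSA")
MIN_PSK_LEN = 20  # assumed local policy, not a module setting


def check_secret(title, params):
    """Return a list of problems found in one libreswan::secret entry."""
    problems = []
    ensure = params.get("ensure", "present")
    if ensure not in ALLOWED_ENSURE:
        problems.append(f"{title}: ensure must be Boolean, 'present' or 'absent'")
    stype = params.get("type", "PSK")  # documented default is PSK
    if stype not in ALLOWED_TYPES:
        problems.append(f"{title}: type must be one of {ALLOWED_TYPES}")
    ident = params.get("id")
    if ident is not None and not isinstance(ident, str):
        problems.append(f"{title}: id must be a String when set")
    secret = params.get("secret")
    if not isinstance(secret, (str, dict)):
        problems.append(f"{title}: secret must be a String or a Hash")
    elif stype == "RSA" and not isinstance(secret, dict):
        problems.append(f"{title}: RSA secret should be a Hash of key fields")
    elif stype == "PSK" and isinstance(secret, dict):
        problems.append(f"{title}: PSK secret should be a String")
    elif stype == "PSK" and len(secret) < MIN_PSK_LEN:
        problems.append(f"{title}: PSK shorter than {MIN_PSK_LEN} characters")
    return problems


def check_secrets(secrets):
    """Check every entry of the hash passed to create_resources."""
    return [p for title, params in secrets.items() for p in check_secret(title, params)]


# Constructed sample data (resource titles are made up for the example).
SAMPLE = {
    "site_a": {"ensure": "present", "id": "", "type": "PSK", "secret": "test"},
    "site_b": {"ensure": "present", "type": "RSA",
               "secret": {"PublicExponent": "0x03"}},
    "site_c": {"type": "ESP", "secret": 12345},
}

if __name__ == "__main__":
    for problem in check_secrets(SAMPLE):
        print(problem)
```
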




The state of the Puppet resources within that module

Type: Variant[Boolean, Enum['present','absent']]

Default: present


The name of the package that provides libreswan

Type: String

Default: libreswan


The state of the libreswan package in the system

Type: Variant[Boolean, Enum['installed', 'latest']]

Default: installed


The name of the service that provides ipsec

Type: String

Default: ipsec


The state of the libreswan service in the system

Type: Variant[Boolean, Enum['stopped', 'running']]

Default: running


Define if the service is started during the boot process

Type: Variant[Boolean, Enum['manual','mask']]

Default: true


Define if Puppet manages the service for you

Type: Boolean

Default: true


Absolute path to the ipsec.conf file

Type: Pattern['^\/']

Default: /etc/ipsec.conf


Absolute path to the ipsec.d directory

Type: Pattern['^\/']

Default: /etc/ipsec.d


Absolute path to the ipsec.secrets file

Type: Pattern['^\/']

Default: /etc/ipsec.secrets


Whether to remove all unmanaged files from configdir

Type: Boolean

Default: false



The state of the connection file

Type: Variant[Boolean, Enum['present','absent']]

Default: present


The Hash of ipsec connection options

Type: Hash



The state of the connection secret file

Type: Variant[Boolean, Enum['present','absent']]

Default: present


The secret for ipsec connection

Type: Variant[String,Hash]


The connection id that identifies which connection the secret is for

Type: Optional[String]


The secret type

Type: Enum['PSK','XAUTH','RSA']

Default: PSK


The Hash of ipsec connection options

Type: Hash