41 lines
929 B
YAML
41 lines
929 B
YAML
#cloud-config
|
|
package_update: true
|
|
packages:
|
|
- strongswan
|
|
- iptables
|
|
- net-tools
|
|
|
|
write_files:
|
|
- path: /etc/ipsec.conf
|
|
permissions: '0644'
|
|
content: |
|
|
config setup
|
|
charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
|
|
|
|
conn net-net
|
|
auto=add
|
|
keyexchange=ikev2
|
|
authby=psk
|
|
left=${local_ip}
|
|
leftid=${leftid}
|
|
leftsubnet=${local_subnet}
|
|
right=${remote_ip}
|
|
rightid=${rightid}
|
|
rightsubnet=${remote_subnet}
|
|
ike=aes256-sha1-modp1024!
|
|
esp=aes256-sha1!
|
|
dpdaction=restart
|
|
dpddelay=30s
|
|
dpdtimeout=120s
|
|
|
|
- path: /etc/ipsec.secrets
|
|
permissions: '0600'
|
|
content: |
|
|
${leftid} ${rightid} : PSK "${psk}"
|
|
|
|
runcmd:
|
|
- sysctl -w net.ipv4.ip_forward=1
|
|
- sed -i '/^#net.ipv4.ip_forward=1/c\net.ipv4.ip_forward=1' /etc/sysctl.conf
|
|
- sysctl -p
|
|
- ipsec start
|
|
- ipsec up net-net
|