From ecb6b498b9a4edff16156e31e244e4f1408d7eff Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Wed, 14 Dec 2016 19:42:39 +0300
Subject: [PATCH] unnecessarry to use such way Fixed #162
---
 config.cfg | 8 --------
 roles/vpn/templates/client_ipsec.conf.j2 | 9 ++++++---
 roles/vpn/templates/ipsec.conf.j2 | 9 ++++++---
 3 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/config.cfg b/config.cfg
index 0691765..792aae7 100644
--- a/config.cfg
+++ b/config.cfg
@@ -52,14 +52,6 @@ strongswan_enabled_plugins:
 - stroke
 - x509
-ipsec_config:
- dpdaction: 'clear'
- dpddelay: '35s'
- rekey: 'no'
- keyexchange: 'ikev2'
- compress: 'yes'
- fragmentation: 'yes'
-
 ec2_vpc_nets:
 cidr_block: 172.251.0.0/23
 subnet_cidr: 172.251.1.0/24
diff --git a/roles/vpn/templates/client_ipsec.conf.j2 b/roles/vpn/templates/client_ipsec.conf.j2
index 2e97c36..32a71f7 100644
--- a/roles/vpn/templates/client_ipsec.conf.j2
+++ b/roles/vpn/templates/client_ipsec.conf.j2
@@ -1,7 +1,10 @@
 conn ikev2-{{ IP_subject_alt_name }}
-{% for key, value in ipsec_config.iteritems() %}
- {{ key }}={{ value }}
-{% endfor %}
+ fragmentation=yes
+ rekey=no
+ dpdaction=clear
+ keyexchange=ikev2
+ compress=yes
+ dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
 ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
diff --git a/roles/vpn/templates/ipsec.conf.j2 b/roles/vpn/templates/ipsec.conf.j2
index 6b60e36..1b3aa7f 100644
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@@ -3,9 +3,12 @@ config setup
 charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"
 conn %default
-{% for key, value in ipsec_config.iteritems() %}
- {{ key }}={{ value }}
-{% endfor %}
+ fragmentation=yes
+ rekey=no
+ dpdaction=clear
+ keyexchange=ikev2
+ compress=yes
+ dpddelay=35s
 {% if Win10_Enabled is defined and Win10_Enabled == "Y" %}
 ike=aes128gcm16-sha2_256-prfsha256-ecp256,aes256-sha2_256-prfsha256-modp2048!
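Review bot: The six connection settings are now written out by hand twice, under `conn ikev2-{{ IP_subject_alt_name }}` in roles/vpn/templates/client_ipsec.conf.j2 and again under `conn %default` in roles/vpn/templates/ipsec.conf.j2, with no comment saying that the two lists must stay identical or why each value was chosen. Two of them are security-relevant and deserve a stated rationale: `rekey=no` only stops this end from requesting renegotiation, so how long keys live is left to the peer, and `compress=yes` offers IPComp, which compresses payloads before they are encrypted. I would add a line above each block such as `# fixed settings, keep in sync with the other ipsec template; rekey=no: peer drives rekeying, compress=yes: IPComp offered`, or move the six lines into one partial that both templates pull in with `{% include %}`. Both conn sections continue past the end of their hunks, so the cipher proposals that follow were not reviewed here.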