Open datacoda opened 7 years ago
My notion forked branch was mostly for some specific changes to the hard-coded files. Once I got it working, I proceeded to forget about it :)
Recently, I needed to support a Google IPSec tunnel, which spawned a trove branch (new company name). This branch comes with the following changes, and I'm happy to submit a PR if those changes are desired for this repo.
Sample JSON config using StrongSwan
{
  "run_list": [
    "recipe[l2tp-ipsec]"
  ],
  "l2tp-ipsec": {
    "ipsec-package": "strongswan",
    "public_interface": "ens4",
    "private_interface": "ens7",
    "ppp_link_network": "192.168.254.0/24",
    "ipsec-conf": {
      "config": {
        "config setup": {
          "charondebug": "\"enc 0, net 0\""
        },
        "conn l2tp-psk": {
          "authby": "secret",
          "auto": "add",
          "dpdaction": "clear",
          "dpddelay": "30",
          "dpdtimeout": "120",
          "keyingtries": "1",
          "left": "PU.BL.IC.IP",
          "leftprotoport": "17/1701",
          "rekey": "no",
          "right": "%any",
          "rightprotoport": "17/%any",
          "type": "transport"
        },
        "conn gcp-vpn": {
          "authby": "secret",
          "auto": "start",
          "dpdaction": "clear",
          "dpddelay": "30",
          "dpdtimeout": "120",
          "left": "PU.BL.IC.IP",
          "leftsubnet": "192.168.0.0/16",
          "right": "RE.MO.TE.IP",
          "rightsubnet": "192.168.1.0/16",
          "type": "tunnel"
        }
      }
    },
    "xl2tpd-conf": {
      "config": {
        "lns default": {
          "unix authentication": "yes",
          "ip range": "192.168.254.5-192.168.254.254",
          "local ip": "192.168.254.1"
        }
      }
    },
    "options-xl2tpd": {
      "config": {
        "login": ""
      }
    },
    "ipsec-secrets": {
      "config": {
        "PU.BL.IC.IP RE.MO.TE.IP": "PSK \"SECRET\"",
        "PU.BL.IC.IP %any": "PSK \"ANY_SECRET\""
      }
    }
  }
}
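Added example (not part of the original post and not the cookbook's own code): a Ruby rendering of the `ipsec-conf` and `ipsec-secrets` attribute hashes above into strongSwan's `ipsec.conf` and `ipsec.secrets` file layouts, assuming each key under `config` becomes a section header or a secret selector. The helper names `render_ipsec_conf` and `render_ipsec_secrets` are hypothetical, and the attributes are a constructed, trimmed copy of the sample.

```ruby
# Added example: render_ipsec_conf and render_ipsec_secrets are hypothetical
# helpers, not the cookbook's templates.
require 'json'

# Constructed sample, trimmed from the attributes posted above.
ATTRS = JSON.parse(<<~'JSON')
  {
    "ipsec-conf": { "config": {
      "config setup": { "charondebug": "\"enc 0, net 0\"" },
      "conn gcp-vpn": {
        "authby": "secret", "auto": "start",
        "left": "PU.BL.IC.IP", "right": "RE.MO.TE.IP", "type": "tunnel"
      }
    } },
    "ipsec-secrets": { "config": {
      "PU.BL.IC.IP RE.MO.TE.IP": "PSK \"SECRET\""
    } }
  }
JSON

# ipsec.conf layout: a section header at column 0, then indented key=value lines.
def render_ipsec_conf(sections)
  sections.map do |header, settings|
    raise ArgumentError, "bad section: #{header}" unless header =~ /\A(config setup|conn \S+)\z/
    body = settings.map do |key, value|
      # A newline in a key or value would let attribute data start a new section.
      raise ArgumentError, "newline in #{header}/#{key}" if "#{key}#{value}" =~ /[\r\n]/
      "    #{key}=#{value}"
    end
    ([header] + body).join("\n")
  end.join("\n\n") + "\n"
end

# ipsec.secrets layout: <selectors> : PSK "<secret>", one entry per line.
def render_ipsec_secrets(entries)
  entries.map do |selectors, secret|
    raise ArgumentError, 'newline in secret entry' if "#{selectors}#{secret}" =~ /[\r\n]/
    "#{selectors} : #{secret}"
  end.join("\n") + "\n"
end

IPSEC_CONF = render_ipsec_conf(ATTRS['ipsec-conf']['config'])
IPSEC_SECRETS = render_ipsec_secrets(ATTRS['ipsec-secrets']['config'])
puts IPSEC_CONF, IPSEC_SECRETS
```

Because the rendered secrets file carries the PSKs in clear text, it should be written readable by root only.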
Ah, thanks @devsibwarra for the info. I'll leave the repo as-is since it's nice to have something transparently stupid at times. Instead, I'll add a pointer to the README to the trove branch, if that's okay, for people who might be interested in more of the smart version of the cookbook.
There's a branch called 'notion' that contains a WIP for toggling CHAP vs PAM authentication. It pulls in the notion fork. Untested, so if anyone happens to use it, I'd be ecstatic to find out.