Closed badnetmask closed 2 years ago
[citest commit:7966f6e9f5925d73bcf634fa4e478698865a321b]
ok - https://github.com/linux-system-roles/vpn/pull/66 was merged - please rebase
Can you do a rebase without a merge commit?
I created another PR
if tunnel.hosts[host2]['shared_key_content']
shared_key_content
Sorry, when I saw your rebase note I had already merged. What should I do now?
one of these
git rebase -i master
with your branch to squash into a single commit, then incorporate the additional commits from https://github.com/linux-system-roles/vpn/pull/68
[citest]
If we accept this PR, we're going to need a follow up PR to add testing for the new parameters, otherwise, QE is going to be very unhappy, and/or we won't be able to put this functionality into the downstream product. @ueno can you help write some tests for leftid/rightid, ike_enc_alg, esp_enc_alg, and type?
[citest] At least tests_host_to_host_psk_custom.yml should pass
[citest]
Use case
Ansible host is a regular application server running RHEL 8, and needs to establish an IPSec connection to a NetApp storage. The storage is managed by various other means (either Ansible or other proprietary tools), but requires very specific parameters in order to establish a connection.
This pull request implements the necessary methods to pass all the required parameters to the tunnel configuration.
Features that have been added
no_log has been added to the beginning of the opportunistic configuration to prevent leak of the PSK.
Options that have been added
shared_key_content -- the PSK in plain text (added a note to README about secrecy of the value).
leftid and rightid -- the IPSec ID of each host (when different from the FQDN).
ike_enc_alg and esp_enc_alg -- Allow detailed specification of the encryption algorithms.
type -- Tunnel or transport.
retransmit_timeout -- IKE packet re-transmit timeout.