An ansible role that installs and enables strongswan on Linux.
This role uses a swanctl.conf instead of ipsec.conf, and uses distributions' packages only. (it means this role doesn't build and install strongswan from the source.)
most of the ideas are taken from https://github.com/serverbee/ansible-role-strongswan.
Tested on:
- Ubuntu 20.04 and 22.04
- Debian 11
None.
strongswan_swanctl_settings: Set all settings for swanctl.conf in YAML.
-
strongswan_config_file: stronswan configuration file. (Default:/etc/strongswan.d/01-strongswan.conf) -
strongswan_swanctl_config_file: swanctl configuration file. (Default:/etc/swanctl/conf.d/swanctl.conf) -
strongswan_settings: Set all settings for the strongswan configuration file in YAML. The default variable is the following:strongswan_settings: charon: filelog: charon: path: &strongswan_log_path "/var/log/charon.log" stderr: ike: 2 knl: 3
-
strongswan_log_rotation: Set settings in Dict format for rotating the strongswan log. It includes the below keys:-
enable: enabling the rotation. (Default:true) -
conf_path: the installing file path of the logrotate configuration file. (Default:/etc/logrotate.d/charon) -
log_path: the file path of the log file. (Default:*stronswan_log_path. It indicates/var/log/charon.login default setting) -
settings: the settings of log rotation. The default content is the following:missingok copytruncate compress notifempty daily rotate 5
-
None.
- hosts: all
roles:
- poppen.strongswanBSD-3-Clause
Shinsuke MATSUI