21 lines
760 B
Django/Jinja
21 lines
760 B
Django/Jinja
# Generated by Ansible.
|
|
# This contains the node-to-node IPSEC configuration from this node's
|
|
# in the {{ network }} to every other node. This also uses a private-or-clear
|
|
# policy, which will drop packages while the negotiation is taking place,
|
|
# but will let packets through if it fails. Thus preferring IPSEC, but
|
|
# allowing clear connections if needed.
|
|
{% for other_ip in other_ips %}
|
|
|
|
conn overcloud-private-node-to-node-{{ network }}-ip-{{ loop.index0 }}
|
|
type=tunnel
|
|
authby=secret
|
|
leftid={{ current_ip }}
|
|
left={{ current_ip }}
|
|
rightid={{ other_ip }}
|
|
right={{ other_ip }}
|
|
failureshunt=passthrough
|
|
auto=start
|
|
retransmit-timeout=2s
|
|
phase2alg={{ ipsec_algorithm }}
|
|
{% endfor %}
|