tripleo-ipsec/templates/ipsec-node-to-node-private-...


# Generated by Ansible.
# This contains the node-to-node IPSEC configuration from this node's address
# in the {{ network }} network to every other node. It uses a private-or-clear
# policy, which drops packets while the negotiation is taking place
# but lets packets through in the clear if the negotiation fails. IPSEC is
# therefore preferred, but clear connections are allowed if needed.
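{#
  Emits one libreswan "conn" section per entry in other_ips. Each section is
  named after the network plus the zero-based loop index (loop.index0) and
  pairs this node (left/leftid = current_ip) with one peer
  (right/rightid = other_ip).

  Option lines are indented: ipsec.conf treats only lines that start with
  whitespace as belonging to the preceding "conn" header. Explanatory notes
  are kept in this Jinja comment, ahead of the loop, so that nothing extra
  (comment or blank line) is rendered inside a section.

  Security notes for reviewers:
  - authby=secret selects pre-shared-key authentication. The key is not in
    this template (presumably rendered into ipsec.secrets; verify). Every
    node holding the PSK can authenticate as a peer, so the secrets file
    needs tight permissions and a rotation procedure.
  - failureshunt=passthrough makes encryption best-effort. When IKE
    negotiation fails the traffic is sent unencrypted, so blocked or broken
    IKE between two nodes silently downgrades that link to cleartext. Where
    confidentiality on this network is a requirement, failureshunt=drop is
    the fail-closed choice. If passthrough is kept, alert on tunnels that
    are not established.
  - phase2alg pins only the phase 2 (ESP) proposal, taken from
    ipsec_algorithm. There is no ike= line, so the phase 1 proposals are
    left to the IPsec daemon's defaults.
  - retransmit-timeout=2s gives up on an unresponsive peer quickly, which
    also means the cleartext fallback above is reached quickly.
#}
{% for other_ip in other_ips %}
conn overcloud-private-node-to-node-{{ network }}-ip-{{ loop.index0 }}
    type=tunnel
    authby=secret
    leftid={{ current_ip }}
    left={{ current_ip }}
    rightid={{ other_ip }}
    right={{ other_ip }}
    failureshunt=passthrough
    auto=start
    retransmit-timeout=2s
    phase2alg={{ ipsec_algorithm }}
{% endfor %}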