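# Generated by Ansible.
# This contains the Opportunistic IPSEC configuration from this node
# in the {{ network }} network to every other node. This also uses a
# private-or-clear policy, which will drop packets while the negotiation is
# taking place, but will let packets through in the clear if it fails. Thus
# preferring IPSEC, but allowing clear connections if needed.
#
# Security note: authby=null means neither peer is authenticated, and
# failureshunt=passthrough means a failed negotiation falls back to
# cleartext. This policy therefore protects against passive eavesdropping
# only. Traffic that must never leave the node unencrypted needs an
# authenticated, fail-closed policy instead (for example failureshunt=drop
# together with certificate or PSK authentication).
conn overcloud-private-or-clear-{{ network }}-ip
    type=tunnel
    # Null authentication: the tunnel is encrypted but the peer identity is
    # not verified, so both IDs are set to %null.
    authby=null
    leftid=%null
    rightid=%null
    left={{ current_ip }}
    # Peers are not listed here; they come from the opportunistic policy
    # group associated with this conn.
    right=%opportunisticgroup
    rightmodecfgclient=yes
    # Hold packets back while IKE is negotiating so nothing leaks in the
    # clear before the outcome is known.
    negotiationshunt=drop
    # If negotiation fails, allow the traffic unencrypted. This is the
    # "or-clear" half of the policy; monitor for peers that stay in
    # passthrough, since that is where encryption is silently absent.
    failureshunt=passthrough
    # Only IKEv2 is accepted; there is no fallback to IKEv1.
    ikev2=insist
    auto=start
    # A single keying attempt with a short retransmit timeout, so a peer
    # that cannot negotiate reaches the failure shunt quickly.
    keyingtries=1
    retransmit-timeout=2s
    # To support being behind NAT
    leftmodecfgclient=yes
    leftcat=yes
    narrowing=yes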