Install ipsec.conf (iapetus only for now) and certificate files.
ansible_port: 2400
ansible_host: kosmos.sigsegv.be
lan_ip: "10.0.1.1/24"
+ ipsec_conf: "ipsec_iapetus.conf"
initial:
hosts:
poudriere-image:
community.general.sysrc:
name: ntpdate_enable
value: "YES"
+- name: Install strongswan
+ community.general.pkgng:
+ name: strongswan
+ state: present
+ become: true
+- name: install ipsec.conf
+ template:
+ src: "{{ ipsec_conf }}"
+ dest: "/usr/local/etc/ipsec.conf"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: install certificates
+ template:
+ src: "{{ item.src }}"
+ dest: "/usr/local/etc/ipsec.d/certs/"
+ owner: root
+ group: wheel
+ mode: 0644
+ with_filetree: '{{ role_path }}/templates/certs'
+ when: item.state == 'file'
+ become: true
+- name: install ca cert
+ template:
+ src: "cacerts/sigsegv.be.pem"
+ dest: "/usr/local/etc/ipsec.d/cacert/"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: ipsec enable
+ community.general.sysrc:
+ name: strongswan_enable
+ value: "YES"
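Review bot: The `ipsec enable` task closing the hunk is the only new task without `become: true`; `sysrc` writes /etc/rc.conf, so unless `become` is inherited from the play (not visible here) this task fails as an unprivileged user while the four tasks above it succeed — add `become: true` after `value: "YES"` to match them. The three `mode: 0644` lines in the template tasks are unquoted, which YAML 1.1 reads as the octal integer 420; Ansible happens to accept that, but the Ansible docs recommend `mode: "0644"` so the value survives a reformat or a dropped leading zero. The certificate tasks render PEM files with `template:` although they contain no Jinja; `copy:` would install them verbatim, whereas a stray `{{` or `{%` in a future certificate comment would break rendering instead.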
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
--- /dev/null
+# ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ # strictcrlpolicy=yes
+ # uniqueids = no
+ nat_traversal=no
+ charonstart=yes
+ plutostart=yes
+
+conn jupiter
+ authby=pubkey
+ keyexchange=ikev2
+ left=pfsense.sigsegv.be
+ leftid="CN=jupiter.sigsegv.be"
+ leftallowany=yes
+ leftsubnet=10.0.2.0/24,172.16.0.0/16
+ leftcert=jupiter.sigsegv.be.pem
+ right=thuis.sigsegv.be
+ rightid="CN=iapetus.saturn.sigsegv.be"
+ rightallowany=yes
+ rightsubnet=10.0.1.0/24
+ rightcert=iapetus.saturn.sigsegv.be.pem
+ auto=start
+ closeaction=restart
+ dpdaction=restart
+
+conn mars
+ authby=pubkey
+ keyexchange=ikev2
+ left=natalie.sigsegv.be
+ leftid="CN=phobos.mars.sigsegv.be"
+ leftallowany=yes
+ leftsubnet=10.0.3.0/24
+ leftcert=phobos.mars.sigsegv.be.pem
+ right=thuis.sigsegv.be
+ rightid="CN=iapetus.saturn.sigsegv.be"
+ rightallowany=yes
+ rightsubnet=10.0.1.0/24
+ rightcert=iapetus.saturn.sigsegv.be.pem
+ auto=start
+ closeaction=restart
+ dpdaction=restart
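Review bot: The `config setup` section sets `nat_traversal=no`, `charonstart=yes` and `plutostart=yes`, which are strongSwan 4.x options; the 5.x series (what I would expect the FreeBSD strongswan package to be) has no pluto and ignores all three, and NAT traversal is always enabled there, so `nat_traversal=no` does not actually turn anything off. Either drop the three lines or keep a comment such as `# nat_traversal/charonstart/plutostart are ignored by strongSwan 5.x` so a reader does not assume NAT-T is disabled. Revocation checking also remains off while `# strictcrlpolicy=yes` is commented out; if the sigsegv.be CA publishes CRLs or OCSP, enabling it is the cheap way to make a compromised peer certificate revocable rather than valid until expiry. I cannot tell whether the file ends after `conn mars` or continues past the hunk.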