From a9129b21aa90b8a3d8ba6fece0897dabf3d5e4b7 Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Sun, 28 Apr 2024 13:04:22 +0200
Subject: [PATCH] IPSec certificates
Install ipsec.conf (iapetus only for now) and certificate files.
---
 ansible/inventory-routers.yaml | 1 +
 ansible/roles/router/tasks/main.yaml | 35 ++++++++++++++++
 .../router/templates/cacerts/sigsegv.be.pem | 36 ++++++++++++++++
 .../certs/iapetus.saturn.sigsegv.be.pem | 34 +++++++++++++++
 .../templates/certs/jupiter.sigsegv.be.pem | 33 +++++++++++++++
 .../certs/phobos.mars.sigsegv.be.pem | 33 +++++++++++++++
 .../roles/router/templates/ipsec_iapetus.conf | 42 +++++++++++++++++++
 7 files changed, 214 insertions(+)
 create mode 100644 ansible/roles/router/templates/cacerts/sigsegv.be.pem
 create mode 100644 ansible/roles/router/templates/certs/iapetus.saturn.sigsegv.be.pem
 create mode 100644 ansible/roles/router/templates/certs/jupiter.sigsegv.be.pem
 create mode 100644 ansible/roles/router/templates/certs/phobos.mars.sigsegv.be.pem
 create mode 100644 ansible/roles/router/templates/ipsec_iapetus.conf
diff --git a/ansible/inventory-routers.yaml b/ansible/inventory-routers.yaml
index c94adcb..b928ee8 100644
--- a/ansible/inventory-routers.yaml
+++ b/ansible/inventory-routers.yaml
@@ -5,6 +5,7 @@ routers:
 ansible_port: 2400
 ansible_host: kosmos.sigsegv.be
 lan_ip: "10.0.1.1/24"
+ ipsec_conf: "ipsec_iapetus.conf"
 initial:
 hosts:
 poudriere-image:
diff --git a/ansible/roles/router/tasks/main.yaml b/ansible/roles/router/tasks/main.yaml
index 7f00809..a991eb5 100644
--- a/ansible/roles/router/tasks/main.yaml
+++ b/ansible/roles/router/tasks/main.yaml
@@ -35,3 +35,38 @@
 community.general.sysrc:
 name: ntpdate_enable
 value: "YES"
+- name: Install strongswan
+ community.general.pkgng:
+ name: strongswan
+ state: present
+ become: true
+- name: install ipsec.conf
+ template:
+ src: "{{ ipsec_conf }}"
+ dest: "/usr/local/etc/ipsec.conf"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: install certificates
+ template:
+ src: "{{ item.src }}"
+ dest: "/usr/local/etc/ipsec.d/certs/"
+ owner: root
+ group: wheel
+ mode: 0644
+ with_filetree: '{{ role_path }}/templates/certs'
+ when: item.state == 'file'
+ become: true
+- name: install ca cert
+ template:
+ src: "cacerts/sigsegv.be.pem"
+ dest: "/usr/local/etc/ipsec.d/cacert/"
+ owner: root
+ group: wheel
+ mode: 0644
+ become: true
+- name: ipsec enable
+ community.general.sysrc:
+ name: strongswan_enable
+ value: "YES"
diff --git a/ansible/roles/router/templates/cacerts/sigsegv.be.pem b/ansible/roles/router/templates/cacerts/sigsegv.be.pem
new file mode 100644
index 0000000..630314d
--- /dev/null
+++ b/ansible/roles/router/templates/cacerts/sigsegv.be.pem
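Review bot: The `install ca cert` task writes to `/usr/local/etc/ipsec.d/cacert/`, while strongSwan's ipsec.conf backend scans `ipsec.d/cacerts` (plural, like the `templates/cacerts` source directory in this commit), so the CA certificate lands in a directory the daemon does not read and is never loaded as a trust anchor; the line should be `dest: "/usr/local/etc/ipsec.d/cacerts/"`. `install ipsec.conf` renders `{{ ipsec_conf }}` unconditionally although the inventory hunk defines that variable for a single host, so a guard such as `when: ipsec_conf is defined` on the strongSwan tasks would keep the role usable on routers without a tunnel (whether other hosts run this role is not visible here). The PEM files are static, so `copy` fits better than `template`, and quoting the mode as `mode: "0644"` avoids relying on YAML octal parsing. The final `ipsec enable` task has no `become: true` unlike the other new tasks, which matters unless privilege escalation is set at play level.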
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGOTCCBCGgAwIBAgIJALHcVkgOwq0eMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV +BAYTAkJFMRcwFQYDVQQIEw5WbGFhbXMtQnJhYmFudDETMBEGA1UEBxMKR3JpbWJl +cmdlbjEQMA4GA1UEChMHU2lnc2VndjEhMB8GCSqGSIb3DQEJARYSa3Jpc3RvZkBz +aWdzZWd2LmJlMB4XDTE4MDYyMjEyNTQwNloXDTM4MDYxNzEyNTQwN1owcDELMAkG +A1UEBhMCQkUxFzAVBgNVBAgTDlZsYWFtcy1CcmFiYW50MRMwEQYDVQQHEwpHcmlt +YmVyZ2VuMRAwDgYDVQQKEwdTaWdzZWd2MSEwHwYJKoZIhvcNAQkBFhJrcmlzdG9m +QHNpZ3NlZ3YuYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF05xU +T6KT3pdrRY0Gb3Ww0Wf+WWsNBH2Ela9wcsIeB8XkkFlsCKIBZlOB+PaKJ+OheJs7 +7840EuwVW4CRH6Sjz24RmzQZi9NhwtwWtzGDcgHan8/y9abLDMlP6esdV56Nv7EB +HKmpQ0fPyyt3nYR9YnR2PXYI5REMucuNmJR3zQNGoQ/Z/l0Qr5dxH+RqaCQnypGW +rqZzf/G2M2aaZDs42L3/prH2cTTNZXE89MOUcBFxPpQShvdQeUXSafg8SRIF5g79 +wGjBAE35j7BtF/eShUaFlnY/6gGsJd11ZjjHvDuxFysQgH3RrAyZ4f5bVEKHxgCB +/qlfA8Oe6c5l3JSzP+Iq/hyjuCJ+YxmKC4wYIqX5J35aPu77LxZejijrqP8pbbvc +bMsW4gFG0i/+8Mk4QHdWiHP7JOoeOGuLWeMaDtHPpaaS0cfQ+JhwlSMRB7Xd9/Ed +beMyBLNmramaiZ9GAOoJClzz2IbtnkzbbgOllkUK0y1DbctRb3Xm9g+ZzfDQwwHs +J7CDj2Enu0DoHlB3VThM7+2NdWD1tOoQLG+MCTmjLhFi7zNDVImRwDSEMwCpIwKn +2xwLJqnxt2mNnWnv57jBWGzgYgEj9nOmriUgQqn+9CDuStKgo7pai1yB/0SBeGGM +ooYWYorjtRyAPB9wZeBpcqijcX8fBoOrLyivqQIDAQABo4HVMIHSMB0GA1UdDgQW +BBQJMJAJRKvCKsGioNyR2ieSJ6ltWDCBogYDVR0jBIGaMIGXgBQJMJAJRKvCKsGi +oNyR2ieSJ6ltWKF0pHIwcDELMAkGA1UEBhMCQkUxFzAVBgNVBAgTDlZsYWFtcy1C +cmFiYW50MRMwEQYDVQQHEwpHcmltYmVyZ2VuMRAwDgYDVQQKEwdTaWdzZWd2MSEw +HwYJKoZIhvcNAQkBFhJrcmlzdG9mQHNpZ3NlZ3YuYmWCCQCx3FZIDsKtHjAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAcsRABLvN3cfPi/4dNafce40bo +983tQJvkOpWDZV6jB2bjGj82t+0eoeRwucw7kS+H0+OLHSA8kjcV3hEvXzcRs2DP +BvzbZLa+8Dj3Bjw3w006KdFRQFl0pcNKn2fX7OzxNSOCoyEqh0qDGaTgbb6jaFBB +RGVQP3nkkFoe6ZpJ8rzWHcP7Z9tlY8ldo0iCfA4iWdoxC+u2XN260GiiXhtx6dew +ZMJZ+Gj/0kPPxHlB7KpmcJrm+4hFWWyiJSes0S6GSTmbXZDWlcXT0124Nw+0PdbT +sx3NTXrYJQN7pViHUchfph3MsqqZ63XzKSFGrQLKMLurNUFuspLJcH8OSoDtpqpd +W/4+2HccEpSA+fPeZ8pA+dssf4nCZiXC4neM08/skbQpabrWY/A2NxrEYYvsSnMX 
+PcHdmKend4sbwSJPLkcNisppA5JjESA4BcuS5VbTdcPqyQkqt7iIGnGnG1E76Ipv +dxXADS2JmklNaMtKt2scxJh9yMYe6Y0Mk/ivPhjrFcAN4KmpMBZ8PR6FbADU8Mqw +8ZMvwJDrSGcSkQxR0URRveScoQ0MJ8hNiAjKBNmrS6/fmK5FtR026tQFW5okhd6R +ccBdDTjCqvcQwEuZiS3UNmmJlPPbhamRXFzRSoelOlNURCT4Q8dX1VEbHdpGhxpm +7zL8JWCIM++cLMdTzg== +-----END CERTIFICATE----- diff --git a/ansible/roles/router/templates/certs/iapetus.saturn.sigsegv.be.pem b/ansible/roles/router/templates/certs/iapetus.saturn.sigsegv.be.pem new file mode 100644 index 0000000..dfec0a0 --- /dev/null +++ b/ansible/roles/router/templates/certs/iapetus.saturn.sigsegv.be.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF5zCCA8+gAwIBAgIDEABvMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAkJF +MRcwFQYDVQQIEw5WbGFhbXMtQnJhYmFudDETMBEGA1UEBxMKR3JpbWJlcmdlbjEQ +MA4GA1UEChMHU2lnc2VndjEhMB8GCSqGSIb3DQEJARYSa3Jpc3RvZkBzaWdzZWd2 +LmJlMB4XDTIzMTIxMzA5NTg0OFoXDTI2MDIxOTA5NTg0OFowfzELMAkGA1UEBhMC +QkUxFzAVBgNVBAgMDlZsYWFtcy1CcmFiYW50MRAwDgYDVQQKDAdTaWdzZWd2MSIw +IAYDVQQDDBlpYXBldHVzLnNhdHVybi5zaWdzZWd2LmJlMSEwHwYJKoZIhvcNAQkB +FhJrcmlzdG9mQHNpZ3NlZ3YuYmUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDohI/iDr0jY+A3FB0x3XZci19CBmc7Ap1wU13BQX1fVfxKMIIMfVSl7RTP ++3bJ3jOK2gKSrtzFt8EMwPoMeeGV5KUTQz7slbv8CQiCqCrJBaZ6b8sWQACaw5Ku +n1l6+A+7aE9+gV9K+JZomqUKOc0TZw0un+3+3RqIpBT9oo6Dt4ZuLu6NcNydZwIQ +yZeRKmQmdDsG4PWvg0PNjQcjTc46CfUi2XfoyStPNRaWnybezWoepolaNaTr3G9E +513DvglJeWhMsiW/ldII1ScaRVHeX1pimp6HyDew6ccjAuia4UtCybQ93poMHySH +sWWPCgsz7bkbAWYiqtzaXHRchxTihj7uJLHxQNT2FhkzHndf90hrCVjGKp+MoRtz +kVQq0JzApD76olY5GnsOuHgPr2iTofZgKtL6c5HVPGCwj6zEk2/rp9bUYxGXQAFp +FFXQYAhGUj5u9KPnTVBiIHGX5x4avB/OTtLXI5pLhFAru1wS5fRkPhSnt4Da41yf +WpI4mBD6JY5x1BmnyIPrCVI5367xD+7C24J0Sr2GNgjKkKoX3xNwinxaGUaXWd3t +/vM0orNRWSTdM0eyASRW8kYtd7HeZPdbsQYTedGwnt7uflbHqGMFyGIF58jd+7mI +ksmvlQPNTgCR9G2QySSDfgO2zhKDJACbtFRj/tq7JlhKQ5XiywIDAQABo3sweTAJ +BgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0 +aWZpY2F0ZTAdBgNVHQ4EFgQUpe0G+AxSzvBX+jcSrwWTqMmdNeswHwYDVR0jBBgw +FoAUCTCQCUSrwirBoqDckdonkiepbVgwDQYJKoZIhvcNAQELBQADggIBAEfE73tA +jJtCo8+lZ3Nnzlwx5VC7UALixirwDkmk9ow8ugVrsZOyc/8azG4NCLXPIAlxJB6V +AsTUP7eTYgxUNXnVm3RMwmoUPI4Jqph89wzgq1Sb84WshaMGR8V+9jvdujJ/nCl1 +8ABJenckz/p7fmHnauWfdRW+TbIFjUAqVEa9dRjeGv+AGLeTlBXS4LPLDdNrdvnI +zJ+VBkJur7N5Q7nPw45x1Xah9Bq2+Cid7rQkDIqSK54QbqySbNRjcCvpVTzWEFC6 +URMiIkw3ejWV+OS6PWH91Pxzd0WQNhcwMklnZkd+B9Uv/N+UGC1v91+RlnKTDyp3 +auImrbxIH/ncL/CVartGPAd2OlZ0DT6fifhqcc0Z/Y2i2s6Z14eIVbwYDAgU8ZEy +cwTr91vbCQCwkDlCcNC5ZhIXi+wRKc5vR3miFJrEjjuD6KqgIimUQrO53fMDRwDH +JrKOsDpn/p2mZPoEHiWE+622MntL8UpKYT6DPnhAN3Nb87Fm5kQ7ATdiC9V4Rc4t 
+72MzndlN6GHjUu4AtCD9kz/+NqlGXhZW8bZ3sx60pVPMWzy2irtY4sgpeD8uIWV7 +tbZaInMoTIiIdalULjmttb66AfKCV+MZ9sHSoYX/dRrHFCebRxG5HdIiGyCrqL52 +dBa7jK3DzCf87aiTvS4P7vNnZHze/IpvxLlT +-----END CERTIFICATE----- diff --git a/ansible/roles/router/templates/certs/jupiter.sigsegv.be.pem b/ansible/roles/router/templates/certs/jupiter.sigsegv.be.pem new file mode 100644 index 0000000..e634c68 --- /dev/null +++ b/ansible/roles/router/templates/certs/jupiter.sigsegv.be.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIDEABtMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAkJF +MRcwFQYDVQQIEw5WbGFhbXMtQnJhYmFudDETMBEGA1UEBxMKR3JpbWJlcmdlbjEQ +MA4GA1UEChMHU2lnc2VndjEhMB8GCSqGSIb3DQEJARYSa3Jpc3RvZkBzaWdzZWd2 +LmJlMB4XDTIzMTIxMzA5NTIxMFoXDTI2MDIxOTA5NTIxMFowVTELMAkGA1UEBhMC +QkUxFzAVBgNVBAgMDlZsYWFtcy1CcmFiYW50MRAwDgYDVQQKDAdTaWdzZWd2MRsw +GQYDVQQDDBJqdXBpdGVyLnNpZ3NlZ3YuYmUwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQC/s4cyb6LUGf+zfZ4xCMEfVSRIZpfp99uAopgsiDOGO0SsN2Lo +MGlmYSA7ZHogVrCFJP351tb82zMyp/KMsjBWiiofD/J0jP5HpAY/wcw90Zcopw36 +OEMq2N+IvtnxTYFExo84Q7dq0gzdYYexLmq2tDqPBG/A5rB/jXItozN2Y8mNwHa8 +Yy8qtRTQPp64oAjDvJyL+notqBfTzlkhGDW0msgNTI1ZbP5mroN+LfykscT4m5iA +Lpgw/hlEcnImG1acRO5pT7eBU8aXr7MzLlhjQKnpojJvrxY57J8UBDpDLn6qsxW5 +zWMd0BTB4ZDCjYanflbSpE0uDdUiPtzgJl9V0ZgmMAztmxncZ5CQXPNnpiIqGfll +EEqonPes8rvZVZIKLlHYT6oRzUVN2CZ5bJ+3d+zh7FRwyxwRgCkalqWwyzOB5k2z +Nr+xz4rlpunP3ZvB7FWvRWvPM8fL9wq70VxsVN/lcMcOlBVBIOKf8hZ6x0LJglUp +BRaT4xbr9FESnGC5DZEwyG6eOoKjLcyKdnlkjwFhrE7av3ecg5Hkd1nA2nbGcJut +Vk4VCNc5tICXMBnlPUYtks5ygX5tVYPnr8QuV3TaKS2vUw9OJngDHK3Z1kT46Jr9 +BzVJDLSLT1X3zZAMueDt1bfI/1HLSrsThHmB+AMk8GCvTWC2iAHAMVHePQIDAQAB +o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUBlwsp45SF2DGFcDRc6zNC7L78t4wHwYD +VR0jBBgwFoAUCTCQCUSrwirBoqDckdonkiepbVgwDQYJKoZIhvcNAQELBQADggIB +AKzvWgwXZeUVtNT7Qym0XAyEX/EAiqqtgQEzJzjJRsN1k8S+ncNrxco9QbYzIYjz +Mo53Ny5Ox9uMUSndljbvOG1idWwtKtZBL3SrNrQHifdKZQzy0lV0IVIbsTmBZAGs +UuNZ+a8q54KJoVIsG8GoLFkYg7MsIkiXQN4sSfVQ51zDmbtMfND6fL7juO/bMfd5 +/JptmEIrnfDBph66US3dcH8MMZoBFyIWMXKBfK8BkYrFxagFPzKEBaZFbQPbT0hR +lLWcDTtXYtOEw9DSIGxjt9QV97evO8UYiVR2d2CLog9EARthp0EID18tRSea9Uca +XtahzknF/ReK78ijrrgw5rEfFidszI2eAzlQHFz2E3Heemxun3J/QdEhSPAwC9nJ +7uMjvlqQ3UhI5wbQW1QC+rCveffCk7Huw72V7wFFa9MarqtKY8MfuvntIeqx1N5o +8fdql8YNYXDL7bYxXUWbkI/id6nTFuQ3hupj5nvLYrU4ltOL7xGlOOYaxE9sy/R6 +Itz+kFzwPN9DLOCdr6LMEj8d5Qqhy34eZH3L5nqAyiMlqqVfdmn4kTCcji4s5a2B 
+lQeqxGmb+todAGE76Jvq3Rawxy/uN+qSsOC0uZjiptCV5MT/bDtcJqbSD18Ihke3 +qL4PECXndgAYi75EVIzlgCiYeF0B7BGy1BdlhRjvg21z +-----END CERTIFICATE----- diff --git a/ansible/roles/router/templates/certs/phobos.mars.sigsegv.be.pem b/ansible/roles/router/templates/certs/phobos.mars.sigsegv.be.pem new file mode 100644 index 0000000..92738ec --- /dev/null +++ b/ansible/roles/router/templates/certs/phobos.mars.sigsegv.be.pem 
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIDEABuMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAkJF +MRcwFQYDVQQIEw5WbGFhbXMtQnJhYmFudDETMBEGA1UEBxMKR3JpbWJlcmdlbjEQ +MA4GA1UEChMHU2lnc2VndjEhMB8GCSqGSIb3DQEJARYSa3Jpc3RvZkBzaWdzZWd2 +LmJlMB4XDTIzMTIxMzA5NTUwNloXDTI2MDIxOTA5NTUwNlowWTELMAkGA1UEBhMC +QkUxFzAVBgNVBAgMDlZsYWFtcy1CcmFiYW50MRAwDgYDVQQKDAdTaWdzZWd2MR8w +HQYDVQQDDBZwaG9ib3MubWFycy5zaWdzZWd2LmJlMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA240Oqz8ZML94b7HomUXl0RmxkSvt21inhAfQDfnIaVyD +VARMTfUSukKZv68HFAFXr41sfNOzheVnsBkKNjraf4qwU6v4FVmb9iOkZ1MoVb7V +qHJ1qMRjTf33HbL4LcOCYz/nx+OkpKRrayCh6AQjWQzJblqZKAj3vtTkfJ/y8Bx+ +I5H52cCmhs+FBuu7SyOzAHbdqYNg4oJvVu4/256Z33w3iyMF4TshtcheiD8VBfdL +QDaqIc+f8vx4/W3VibAkbJiGeWDglRIH65ZjJXPgCfwi45vGRSAhuYbqQTTQBjBb +fsQKdg14L1JE/CxLZAhzticWBAG6J3IqdRnO3/2zwaWI2i2QM4LaZW/l3sawUeJk +QEUGVweQDOMWclE51HT5cp78b0Mu9wY7CDUrMI0pIb+M1+B6QhSuLPZGqagOQ8uS +ktWgfyTW9N+LqcQ7+rpJ9jqbPbDD8qwf/Q21FVTiG2C5Ey3RAr0ThXk1RGEyQ++O +drlS68voYighoQfVJkdsLoQ0dO9Jj620E0PuPwjnCpwEH1vFoii/nTHqsndjAHgz +YGAgSaBPXUOEMp2pTmk9PvOYKTu2lL7nIWjLyASiIeg9B9+L0ZIf19yPJKEMWcNg +cGiIHXS/EbDeieXLeSaRBd9T2D2kN6Ik54bTpifFvszHozdK1+FZSJJUaxMUFgkC +AwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5l +cmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEIXof633BLZu9wvWxQEGRpKU8us +MB8GA1UdIwQYMBaAFAkwkAlEq8IqwaKg3JHaJ5InqW1YMA0GCSqGSIb3DQEBCwUA +A4ICAQBrS9Yc/BerPKmvL+TBFRtEfqnT/UH3CrULo0Z+xp/FgLEj2WgO6h90HwUT +K+wm1vUCKBaiZOjaxrMLMQgHn+FvHtbiGI5uSlJKgD7CzEd/iogr/9U3PpWFkAYN +bBTLqcbxD2Emg3EDslWBGd9DIWSXKizitJedCkvvykpO6wkISFoVQ0UVw7MyT5tO +wNdssgJN4qkETS/asInrhVQLmkEUczjNDL21AuEGOsH0OMXJxmWWoKoZb6F9cMup +wYDKbZwuW77Qv/PNXpJ7CgJCKSnIGiQpivnMYxyOWLtFY4vSm8oXd9o73CgNXT/e +9sFEpBQFDPIT393aFF0eJSNq9sL3LnGW+L/eOWbEWMOCh73/Naj5W1wmM7pl7D55 +SD6dqqayMEnb8Nf9icF3pk3XNnW0zBM9gVaEeb5dm86WehiyvFQUS5MHMqc9rKyQ +McvVgcWPutc+TgearbgpNFsxuXqG7+Xl+f20o22AifeQUSrmFp1jJQAsoI3mjv/6 +e9GlJwA4mJVJNuhlrJgoOkt/YZiUCb0umaXXfBrElkn/wq5h47v5uysAJc0RfBcw 
+8SIIVPzpcNrrEG4RRJ0mdJ/J0pFNs61EGYa2ewvnyqBWEzDGukcRIoVB7CRZ6IDw +uzKsjvuJ2sAprZn/vHwfLMQW89QkaEr3i3g1gFMxJVVEPl/u9A== +-----END CERTIFICATE-----
diff --git a/ansible/roles/router/templates/ipsec_iapetus.conf b/ansible/roles/router/templates/ipsec_iapetus.conf
new file mode 100644
index 0000000..9379d0b
--- /dev/null
+++ b/ansible/roles/router/templates/ipsec_iapetus.conf
@@ -0,0 +1,42 @@
+# ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+ # strictcrlpolicy=yes
+ # uniqueids = no
+ nat_traversal=no
+ charonstart=yes
+ plutostart=yes
+
+conn jupiter
+ authby=pubkey
+ keyexchange=ikev2
+ left=pfsense.sigsegv.be
+ leftid="CN=jupiter.sigsegv.be"
+ leftallowany=yes
+ leftsubnet=10.0.2.0/24,172.16.0.0/16
+ leftcert=jupiter.sigsegv.be.pem
+ right=thuis.sigsegv.be
+ rightid="CN=iapetus.saturn.sigsegv.be"
+ rightallowany=yes
+ rightsubnet=10.0.1.0/24
+ rightcert=iapetus.saturn.sigsegv.be.pem
+ auto=start
+ closeaction=restart
+ dpdaction=restart
+
+conn mars
+ authby=pubkey
+ keyexchange=ikev2
+ left=natalie.sigsegv.be
+ leftid="CN=phobos.mars.sigsegv.be"
+ leftallowany=yes
+ leftsubnet=10.0.3.0/24
+ leftcert=phobos.mars.sigsegv.be.pem
+ right=thuis.sigsegv.be
+ rightid="CN=iapetus.saturn.sigsegv.be"
+ rightallowany=yes
+ rightsubnet=10.0.1.0/24
+ rightcert=iapetus.saturn.sigsegv.be.pem
+ auto=start
+ closeaction=restart
+ dpdaction=restart
-- 2.51.0
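Review bot: `config setup` leaves `# strictcrlpolicy=yes` commented out, so a peer certificate is accepted whenever no CRL is available, and revoking a router's certificate only takes effect if a CRL is actually delivered to the host. Both conns rely solely on `authby=pubkey` with `leftallowany=yes`/`rightallowany=yes`, so it is worth either enabling the option or adding a comment such as `# revocation: remove the peer's conn and cert from this role` to record how a compromised peer is cut off. `nat_traversal`, `charonstart` and `plutostart` are strongSwan 4.x keywords that 5.x releases no longer use, and with `keyexchange=ikev2` on both conns they can be dropped (the packaged version is not shown in this commit). The private key matching `rightcert=iapetus.saturn.sigsegv.be.pem` and its `ipsec.secrets` entry are not installed here; when that is added, the key should come from a vaulted variable and be written with mode `"0600"` rather than sit next to the certificates under `templates/`.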