Playbook needed for IPSec management #5

@KellerFuchs

Description

I would like to propose a way to set up IPSec in transport mode between all our machines, because:

  • we can ;)
  • it makes sure that communication between our boxes is authenticated and encrypted (I haven't reviewed the TLS settings for everything, and that would be a daunting task...)
  • it hides some communication metadata (protocol & port).

However, managing a full mesh by hand is not going to be fun, so we should have a playbook that:

  • fetches the IPSec pubkeys, and makes the server generate keys if needed;
  • sends the pubkeys to all servers (or as a hash in the config?);
  • generates the strongSwan config from a template;
  • reloads.
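As an added illustration of those four steps (this is example code written for this note, not a playbook from the issue author or the repository), here is one way the mesh playbook could look with swanctl. Assumptions that the issue does not state: Debian-style package names, the `strongswan` systemd unit shipped by charon-systemd, strongSwan 5.6 or later (for ed25519 keys), raw public keys placed in `/etc/swanctl/pubkey/` and referenced from the connection sections, `inventory_hostname` usable as the IKE identity on every host, and the default-route IPv4 address (`ansible_default_ipv4.address`) as the IPsec endpoint. Each host's public key is read with `slurp` and then copied to every other host out of `hostvars`, so no key ever leaves the box that generated it other than its public half.

```yaml
# Added example: full-mesh IPsec transport mode with strongSwan (swanctl) and Ansible.
# Assumptions (not stated in the issue): Debian package names, systemd unit "strongswan",
# strongSwan >= 5.6, inventory_hostname as IKE identity, ansible_default_ipv4 as endpoint.
- name: IPsec transport-mode mesh with strongSwan
  hosts: all
  become: true
  tasks:
    - name: Install strongSwan with the swanctl and pki tools
      ansible.builtin.apt:
        name: [charon-systemd, strongswan-swanctl, strongswan-pki]
        state: present

    - name: Generate a private key on the host if it does not have one yet
      ansible.builtin.shell: >
        umask 077 &&
        pki --gen --type ed25519 --outform pem
        > /etc/swanctl/private/{{ inventory_hostname }}.pem
      args:
        creates: /etc/swanctl/private/{{ inventory_hostname }}.pem

    - name: Derive the public key (this is the only part that leaves the host)
      ansible.builtin.shell: >
        pki --pub --in /etc/swanctl/private/{{ inventory_hostname }}.pem --outform pem
        > /etc/swanctl/pubkey/{{ inventory_hostname }}.pem
      args:
        creates: /etc/swanctl/pubkey/{{ inventory_hostname }}.pem

    - name: Fetch this host's public key into hostvars
      ansible.builtin.slurp:
        src: /etc/swanctl/pubkey/{{ inventory_hostname }}.pem
      register: ipsec_pubkey

    - name: Install every peer's public key (read from the other hosts' slurp results)
      ansible.builtin.copy:
        content: "{{ hostvars[item].ipsec_pubkey.content | b64decode }}"
        dest: /etc/swanctl/pubkey/{{ item }}.pem
        mode: "0644"
      loop: "{{ ansible_play_hosts | difference([inventory_hostname]) }}"
      notify: reload swanctl

    - name: Render swanctl.conf with one IKEv2 transport-mode connection per peer
      ansible.builtin.copy:
        dest: /etc/swanctl/conf.d/mesh.conf
        mode: "0600"
        notify_placeholder: null
      when: false
      # (the real rendering task follows; this placeholder is skipped)

    - name: Render swanctl.conf (inline Jinja template, one connection per peer)
      ansible.builtin.copy:
        dest: /etc/swanctl/conf.d/mesh.conf
        mode: "0600"
        content: |
          connections {
          {% for peer in ansible_play_hosts | difference([inventory_hostname]) %}
            {{ peer | replace('.', '_') }} {
              version = 2
              local_addrs = {{ ansible_default_ipv4.address }}
              remote_addrs = {{ hostvars[peer].ansible_default_ipv4.address }}
              proposals = aes256gcm16-prfsha256-x25519
              local {
                auth = pubkey
                id = {{ inventory_hostname }}
                pubkeys = {{ inventory_hostname }}.pem
              }
              remote {
                auth = pubkey
                id = {{ peer }}
                pubkeys = {{ peer }}.pem
              }
              children {
                mesh {
                  mode = transport
                  local_ts = {{ ansible_default_ipv4.address }}
                  remote_ts = {{ hostvars[peer].ansible_default_ipv4.address }}
                  esp_proposals = aes256gcm16-x25519
                  start_action = trap
                }
              }
            }
          {% endfor %}
          }
      notify: reload swanctl

    - name: Ensure charon is running and loads swanctl config on boot
      ansible.builtin.systemd:
        name: strongswan
        enabled: true
        state: started

  handlers:
    - name: reload swanctl
      ansible.builtin.command: swanctl --load-all
```

Two points worth checking before relying on this: `start_action = trap` installs kernel policies so the first packet to a peer triggers the IKE exchange, which means traffic to a peer whose daemon is down is dropped rather than sent in the clear (that is the intended fail-closed behaviour, but it will look like an outage until the SA comes up); and because each host only ever holds its own private key, a compromised host can impersonate only itself, so rotating a key is just deleting the two PEM files on that host and rerunning the play. Note that the first "Render swanctl.conf" task above is a skipped placeholder left only to keep the step numbering aligned with the issue's list; remove it in real use.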
