pfsense_ipsec_p2
Frederic Bor edited this page Nov 2, 2019 · 2 revisions
> PFSENSE_IPSEC_P2 (/home/fbor/ansible/lib/ansible/modules/network/pfsense/pfsense_ipsec_p2.py)
Manage pfSense ipsec tunnels phase 2 options
* This module is maintained by The Ansible Community
OPTIONS (= is mandatory):
- aes
Set this option to enable AES encryption.
[Default: (null)]
type: bool
- aes128gcm
Set this option to enable AES128-GCM encryption.
[Default: (null)]
type: bool
- aes128gcm_len
AES128-GCM encryption key length
(Choices: auto, 64, 96, 128)[Default: (null)]
type: str
- aes192gcm
Set this option to enable AES192-GCM encryption.
[Default: (null)]
type: bool
- aes192gcm_len
AES192-GCM encryption key length
(Choices: auto, 64, 96, 128)[Default: (null)]
type: str
- aes256gcm
Set this option to enable AES256-GCM encryption.
[Default: (null)]
type: bool
- aes256gcm_len
AES256-GCM encryption key length
(Choices: auto, 64, 96, 128)[Default: (null)]
type: str
- aes_len
AES encryption key length
(Choices: auto, 128, 192, 256)[Default: (null)]
type: str
- aesxcbc
Set this option to enable AES-XCBC hashing.
[Default: (null)]
type: bool
- apply
Apply VPN configuration on target pfSense
[Default: True]
type: bool
- blowfish
Set this option to enable Blowfish encryption.
[Default: (null)]
type: bool
- blowfish_len
Blowfish encryption key length
(Choices: auto, 128, 192, 256)[Default: (null)]
type: str
- cast128
Set this option to enable CAST128 encryption.
[Default: (null)]
type: bool
- des
Set this option to enable 3DES encryption.
[Default: (null)]
type: bool
= descr
The description of the ipsec tunnel phase2
type: str
- disabled
Set this option to disable this phase2 without removing it from the list.
[Default: (null)]
type: bool
- lifetime
Specifies how often the connection must be rekeyed, in seconds
[Default: 3600]
type: int
- local
Local network component of this IPsec security association.
[Default: (null)]
type: str
- md5
Set this option to enable MD5 hashing.
[Default: (null)]
type: bool
- mode
Method for managing ipsec traffic
(Choices: tunnel, tunnel6, transport, vti)[Default: (null)]
type: str
- nat
If NAT/BINAT is required on the local network specify the address to be translated
[Default: (null)]
type: str
= p1_descr
The description of the ipsec tunnel
type: str
- pfsgroup
PFS key group, 0 for off. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.
(Choices: 0, 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30)[Default: 14]
type: str
- pinghost
Automatically ping host
[Default: (null)]
type: str
- protocol
Encapsulating Security Payload (ESP) is encryption, Authentication Header (AH) is authentication only.
(Choices: esp, ah)[Default: esp]
type: str
- remote
Remote network component of this IPsec security association.
[Default: (null)]
type: str
- sha1
Set this option to enable SHA1 hashing.
[Default: (null)]
type: bool
- sha256
Set this option to enable SHA256 hashing.
[Default: (null)]
type: bool
- sha384
Set this option to enable SHA384 hashing.
[Default: (null)]
type: bool
- sha512
Set this option to enable SHA512 hashing.
[Default: (null)]
type: bool
= state
State in which to leave the ipsec tunnel phase2
(Choices: present, absent)[Default: present]
type: str
AUTHOR: Frederic Bor (@f-bor)
METADATA:
status:
- preview
supported_by: community
EXAMPLES:
- name: Add simple phase2
  pfsense_ipsec_p2:
    p1_descr: test_tunnel
    descr: test_p2
    state: present
    apply: False
    mode: vti
    local: 1.2.3.1
    remote: 1.2.3.2
    aes: True
    aes_len: auto
    sha256: True

- name: Remove phase2
  pfsense_ipsec_p2:
    state: absent
    p1_descr: test_tunnel
    descr: test_p2
    apply: False
RETURN VALUES:

commands:
    description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)
    returned: always
    type: list
    sample: ["create ipsec_p2 'test_p2' on 'test_tunnel', disabled='False', mode='vti', local='1.2.3.1', ...", "delete ipsec_p2 'test_p2' on 'test_tunnel'"]
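
The following check is an added example, not part of the module or its documentation: it audits the arguments of a pfsense_ipsec_p2 task against the option table above, flagging the DH groups the pfsgroup description calls weak, PFS turned off, and AH selected where encryption is expected. The function name audit_p2, the constructed WEAK_TASK input and the LEGACY set (general guidance, not stated on this page) are assumptions.

```python
# Added example: pre-flight audit of pfsense_ipsec_p2 task arguments.
# audit_p2() is a hypothetical helper; it is not part of the module.

# From the page: "DH groups 1, 2, 22, 23, and 24 provide weak security".
WEAK_PFS_GROUPS = {"1", "2", "22", "23", "24"}
PFS_CHOICES = {"0", "1", "2", "5", "14", "15", "16", "17", "18", "19", "20",
               "21", "22", "23", "24", "28", "29", "30"}
MANDATORY = ("descr", "p1_descr", "state")  # options marked "=" on the page
ENCRYPTION = ("aes", "aes128gcm", "aes192gcm", "aes256gcm",
              "blowfish", "cast128", "des")
# Assumption (general guidance, not stated on the page): legacy algorithms.
LEGACY = {"md5", "sha1", "des", "blowfish", "cast128"}


def audit_p2(args):
    """Return a sorted list of findings for one task's module arguments."""
    findings = [f"missing mandatory option: {k}" for k in MANDATORY if k not in args]
    if args.get("state", "present") == "absent":
        return sorted(findings)  # removing a phase 2 needs no crypto settings
    group = str(args.get("pfsgroup", "14"))  # documented default is 14
    if group not in PFS_CHOICES:
        findings.append(f"pfsgroup {group} is not a valid choice")
    elif group == "0":
        findings.append("pfsgroup 0 turns PFS off")
    elif group in WEAK_PFS_GROUPS:
        findings.append(f"pfsgroup {group} is a weak DH group")
    if args.get("protocol", "esp") == "ah":
        findings.append("protocol ah is authentication only (no encryption)")
    elif not any(args.get(k) for k in ENCRYPTION):
        findings.append("esp selected but no encryption option enabled")
    findings += [f"legacy algorithm enabled: {n}" for n in LEGACY if args.get(n)]
    return sorted(findings)


# Arguments of the page's own "Add simple phase2" example.
PAGE_EXAMPLE = {"p1_descr": "test_tunnel", "descr": "test_p2", "state": "present",
                "apply": False, "mode": "vti", "local": "1.2.3.1",
                "remote": "1.2.3.2", "aes": True, "aes_len": "auto", "sha256": True}
# Constructed sample input showing settings the audit should reject.
WEAK_TASK = {"p1_descr": "test_tunnel", "descr": "legacy_p2", "state": "present",
             "des": True, "md5": True, "pfsgroup": 2}

if __name__ == "__main__":
    for task in (PAGE_EXAMPLE, WEAK_TASK):
        print(task["descr"], audit_p2(task) or "ok")
```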