cookbook 'strongswanaws', '= 0.1.5'
Installs/Configures StrongSwan
cookbook 'strongswanaws', '= 0.1.5', :supermarket
knife supermarket install strongswanaws
knife supermarket download strongswanaws
StrongSwan AWS Cookbook
Contents
- Summary
- Requirements
- Supported Platforms
- Cookbook Dependencies
- Attributes
- Data Bags
- Recipes
- Usage
- Resources
Summary
The StrongSwan AWS Cookbook creates an AWS-compatible IPSec tunnel on a node.
Requirements
This cookbook works with StrongSwan, an open-source IPSec-based VPN solution.
It has been tested with StrongSwan 5.1.2, as packaged for Ubuntu.
Supported Platforms
.------------------------.
| Distribution | Version |
|------------------------|
| Ubuntu | 14.04 |
'------------------------'
Cookbook Dependencies
This cookbook does not depend on any other cookbooks.
Attributes
This cookbook uses the following attributes.
.-------------------------------------------------------------------------------------------.
| Key | Type | Description | Default |
|-------------------------------------------------------------------------------------------|
| ['awsstrongswan']['debug'] | Boolean | Cause charon to log debug information | true |
| ['awsstrongswan']['tunnels'] | Array | Tunnels to which to connect | empty [] |
'-------------------------------------------------------------------------------------------'
These attributes can be set as below.
['awsstrongswan']['debug']:
"default_attributes": {
  "strongswanaws": {
    "debug": true
  }
}
['awsstrongswan']['tunnels']:
"default_attributes": {
  "strongswanaws": {
    "tunnels": [
      {
        "name": "tunnel-to-other-vpc",
        "local_network": "10.10.0.0/16",
        "remote_network": "10.11.0.0/16",
        "tunnel_ip": "1.2.3.4"
      }
    ]
  }
}
Data Bags
This cookbook makes use of a data bag named strongswanaws.
The data bag should contain a single item named tunnel_keys.
The item tunnel_keys should look as shown below.
{
  "id": "tunnel_keys",
  "key_configs": [
    {
      "name": "tunnel-to-other-vpc",
      "psk": "Ep53A1ZqY6f.KWO90LABLzfRZyf62GyM",
      "source_ips": [ "1.2.3.4" ]
    }
  ]
}
There may be zero or more tunnels in the tunnel_keys list.
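A pre-flight check for the two inputs described above, the tunnels attribute and the tunnel_keys item, written as an added example that is not part of the cookbook. The function names, the pairing of tunnels and key_configs by "name", and the 20-character PSK floor are assumptions; the sample data is constructed.

```ruby
require 'ipaddr'
MIN_PSK_LENGTH = 20 # assumed policy floor, not a cookbook setting

# Parse an address or CIDR string; returns nil when it is malformed.
def parse_ip(value)
  IPAddr.new(value.to_s)
rescue IPAddr::Error
  nil
end

# Cross-check the tunnels attribute against the tunnel_keys item and return
# a list of problems. Pairing the two by "name" is an assumption.
def lint_tunnels(tunnels, key_item)
  problems = []
  keys = key_item.fetch('key_configs', []).group_by { |k| k['name'] }
  tunnels.each do |t|
    name = t['name']
    %w[local_network remote_network].each do |field|
      ok = t[field].to_s.include?('/') && parse_ip(t[field])
      problems << "#{name}: #{field} is not a valid CIDR" unless ok
    end
    peer = parse_ip(t['tunnel_ip'])
    problems << "#{name}: tunnel_ip is not a valid address" unless peer
    matches = keys.fetch(name, [])
    if matches.length != 1
      problems << "#{name}: expected 1 key_config, found #{matches.length}"
      next
    end
    key = matches.first
    if key['psk'].to_s.length < MIN_PSK_LENGTH
      problems << "#{name}: psk shorter than #{MIN_PSK_LENGTH} characters"
    end
    # A PSK whose source_ips omit the tunnel peer cannot be bound to it.
    sources = Array(key['source_ips']).map { |ip| parse_ip(ip) }.compact
    if peer && !sources.include?(peer)
      problems << "#{name}: tunnel_ip is not listed in source_ips"
    end
  end
  (keys.keys - tunnels.map { |t| t['name'] }).each do |orphan|
    problems << "#{orphan}: key_config has no matching tunnel"
  end
  problems
end

# Constructed sample input in the shape shown on this page.
SAMPLE_TUNNELS = [{ 'name' => 'tunnel-to-other-vpc', 'local_network' => '10.10.0.0/16',
                    'remote_network' => '10.11.0.0/16', 'tunnel_ip' => '1.2.3.4' }].freeze
SAMPLE_KEYS = { 'id' => 'tunnel_keys', 'key_configs' => [
  { 'name' => 'tunnel-to-other-vpc', 'psk' => 'short', 'source_ips' => ['1.2.3.5'] }
] }.freeze
puts lint_tunnels(SAMPLE_TUNNELS, SAMPLE_KEYS)
```

Run it against the real attribute and data bag JSON before uploading them; an empty result means every tunnel has exactly one key, bound to its peer address.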
Recipes
This cookbook contains the following recipes.
strongswanaws::default
- This recipe is empty. It allows the cookbook to be included without running an action.
strongswanaws::server
- This recipe does the following.
  - Installs StrongSwan
  - Sets system-wide limits with sysctl
  - Runs Charon
  - Sets StrongSwan to start on boot
strongswanaws::tunnels
- This recipe does the following.
  - Writes PSKs to the secrets file
  - Configures tunnels to which StrongSwan will connect
Usage
Include only the server recipe to install StrongSwan and set system limits.
"run_list": [
  "recipe[strongswanaws::server]"
]
Include both the server and tunnels recipes to configure StrongSwan to establish one or more IPSec sessions.
"run_list": [
  "recipe[strongswanaws::server]",
  "recipe[strongswanaws::tunnels]"
]
Resources
strongswanaws::connection
- Add an IPSec session for StrongSwan to establish
Parameters:
- connection_name - A string to label an IPSec session (name attribute)
- local_network - A CIDR-formatted network address (required)
- remote_network - A CIDR-formatted network address (required)
- remote_gateway - An IPv4 address (required)
- startup_operation - A string to indicate the desired initial state of the tunnel (one of 'add', 'route', 'start')
Example:
strongswanaws_connection 'remote_tunnel' do
  connection_name 'remote_tunnel'
  local_network '10.10.0.0/16'
  remote_network '10.11.0.0/16'
  remote_gateway '1.2.3.4'
  startup_operation 'start'
end
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
0.1.0
Initial release of strongswanaws
Foodcritic Metric
0.1.5 passed this metric