
racoon job from ipsec/2

Github source: 4fd663d9 or master branch

Properties

racoon

certificate_authority_cert

Certificate of the CA

Default
""

certificate_authority_private_key

Private key of the CA

Default
""

dh_group

Diffie-Hellman group

Default
"2"

disabled

Disable ipsec globally

Default
false

inner_lifetime

Lifetime which will be proposed in phase 1 SA proposal

Default
1 hour

level

Means to turn ipsec on and off without causing a downtime (see README.md file)

Default
require

outer_lifetime

Lifetime which will be proposed in phase 1 negotiation

Default
2 hours

pfs_group

Perfect-Forward-Secrecy group (see racoon documentation)

Default
"2"

phase1_encryption

Specifies the encryption algorithm used for the phase 1 negotiation. Possible values are des, 3des, blowfish, cast128, aes, or camellia

Default
aes

phase1_hash_algorithm

Defines the hash algorithm used for phase 1 negotiation. Possible values are md5, sha1, sha256, sha384, or sha512

Default
sha256

phase2_authentication_algorithm

Authentication algorithm for phase 2 authentication. Possible values are des, 3des, des_iv64, des_iv32, hmac_md5, hmac_sha1, hmac_sha256, hmac_sha384, hmac_sha512, non_auth

Default
hmac_sha256

phase2_encryption

Defines the encryption algorithm used for phase 2. Possible values are des, 3des, des_iv64, des_iv32, rc5, rc4, idea, 3idea, cast128, blowfish, null_enc, twofish, rijndael, aes, camellia

Default
aes

ports

Array of IP addresses participating in IPSEC transport mode. See README.md file for further information

racoon_log_level

Log level for racoon. Possible values are warning, notify, info, debug or debug2

Default
info

verify_certificate

on or off

Default
"on"

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/racoon/ directory.

  • bin/monit_debugger (from bin/monit_debugger)
  • bin/pre-start (from bin/pre-start)
  • bin/racoon_ctl (from bin/racoon_ctl.erb)
  • data/properties.sh (from data/properties.sh.erb)
  • etc/racoon/certs/ca.crt (from etc/racoon/certs/ca.crt.erb)
  • etc/racoon/certs/ca_pkey.pem (from etc/racoon/certs/ca_pkey.pem.erb)
  • etc/racoon/certs/openssl-exts.conf (from etc/racoon/certs/openssl-exts.conf.erb)
  • etc/racoon/racoon.conf (from etc/racoon/racoon.conf.erb)
  • etc/setkey.conf (from etc/setkey.conf.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.