Class: Construqt::Flavour::Mikrotik::Ipsec
- Inherits:
-
OpenStruct
- Object
- OpenStruct
- Construqt::Flavour::Mikrotik::Ipsec
- Defined in:
- lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb
Instance Method Summary collapse
- #build_config(unused, unused2) ⇒ Object
-
#initialize(cfg) ⇒ Ipsec
constructor
A new instance of Ipsec.
- #set_ip_ipsec_peer(cfg) ⇒ Object
- #set_ip_ipsec_policy(cfg) ⇒ Object
Constructor Details
#initialize(cfg) ⇒ Ipsec
Returns a new instance of Ipsec.
# File 'lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb', line 6

# Creates the Ipsec object by forwarding +cfg+ unchanged to the parent
# constructor. No additional state is set up here.
#
# @param cfg passed through to the superclass initializer as-is
def initialize(cfg)
  # Bare `super` re-sends this method's own arguments, i.e. super(cfg).
  super
end
Instance Method Details
#build_config(unused, unused2) ⇒ Object
# File 'lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb', line 55

# Emits the two IPsec entries for this end of the tunnel: the peer first,
# then the policy. Neither positional argument is read.
#
# NOTE(review): the value stored under "secret" is whatever
# Util.password returns for cfg.password (helper not visible here). It is
# handed to the renderer together with the other peer settings, so it
# presumably ends up in the generated device configuration -- confirm, and
# handle that output (files, logs, version control) as key material.
#
# @return whatever set_ip_ipsec_policy returns
def build_config(unused, unused2)
  far_endpoint = self.other.remote.first_ipv6
  peer_settings = {
    # Peer is pinned to a single host: the far side's address as a /128.
    "address" => IPAddress.parse("#{far_endpoint.to_s}/128"),
    "local-address" => self.remote.first_ipv6,
    "secret" => Util.password(self.cfg.password)
  }
  set_ip_ipsec_peer(peer_settings)

  policy_settings = {
    # Traffic selectors: our network towards the other side's network.
    "src-address" => self.my.first_ipv6,
    # SA endpoints: the same pair of addresses the peer entry uses.
    "sa-src-address" => self.remote.first_ipv6,
    "dst-address" => self.other.my.first_ipv6,
    "sa-dst-address" => self.other.remote.first_ipv6
  }
  set_ip_ipsec_policy(policy_settings)
end
#set_ip_ipsec_peer(cfg) ⇒ Object
# File 'lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb', line 10

# Renders one "ip ipsec peer" entry from +cfg+, checked against the schema
# below. "address", "secret" and "local-address" are required; every other
# attribute carries a default.
#
# NOTE(review): the defaults select main-mode IKE with a pre-shared key,
# "sha1" and "modp1536" (a 1536-bit MODP group). Those are legacy-strength
# parameters by current guidance. Presumably a caller can override them via
# +cfg+ (depends on render_mikrotik, not visible here) -- confirm, and check
# whether the target RouterOS version and the remote peer accept stronger
# values such as sha256 / modp2048 before relying on these defaults.
#
# @param cfg [Hash] attribute name => value for this peer
# @return whatever render_mikrotik returns
def set_ip_ipsec_peer(cfg)
  peer_schema = {
    # Required attributes; ".key" presumably marks the attribute that
    # identifies an existing entry -- verify against Schema.
    "address" => Schema.network.required.key,
    "secret" => Schema.string.required,
    "local-address" => Schema.required.address,
    # Negotiation behaviour.
    "passive" => Schema.boolean.default(false),
    "port" => Schema.int.default(500),
    "auth-method" => Schema.identifier.default("pre-shared-key"),
    "generate-policy" => Schema.identifier.default("no"),
    # "policy-group" => Schema.identifier.default("default"),
    "exchange-mode" => Schema.identifier.default("main"),
    "send-initial-contact" => Schema.boolean.default(true),
    "nat-traversal" => Schema.boolean.default(true),
    "proposal-check" => Schema.identifier.default("obey"),
    # Phase 1 algorithms -- see the NOTE(review) in the method header.
    "hash-algorithm" => Schema.identifier.default("sha1"),
    "enc-algorithm" => Schema.identifier.default("aes-256"),
    "dh-group" => Schema.identifier.default("modp1536"),
    # Rekeying and dead-peer detection.
    "lifetime" => Schema.interval.default("1d00:00:00"),
    "lifebytes" => Schema.int.default(0),
    "dpd-interval" => Schema.identifier.default("2m"),
    "dpd-maximum-failures" => Schema.int.default(5)
  }
  renderer = self.host.result
  renderer.render_mikrotik(peer_schema, cfg, "ip", "ipsec", "peer")
end
#set_ip_ipsec_policy(cfg) ⇒ Object
# File 'lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb', line 35

# Renders one "ip ipsec policy" entry from +cfg+, checked against the schema
# below. The four address attributes are required; the rest have defaults
# (encrypt / require / esp / tunnel mode, all protocols and ports).
#
# NOTE(review): the default "proposal" is the name "s2b-proposal". Nothing
# visible here creates a proposal of that name, and the ESP algorithms of
# the tunnel come from it -- confirm it is defined on the device and review
# its algorithm choices alongside this policy.
#
# @param cfg [Hash] attribute name => value for this policy
# @return whatever render_mikrotik returns
def set_ip_ipsec_policy(cfg)
  policy_schema = {
    # SA endpoints; ".key" presumably marks the attributes that identify an
    # existing entry -- verify against Schema.
    "sa-src-address" => Schema.address.required.key,
    "sa-dst-address" => Schema.address.required.key,
    # Traffic selectors.
    "src-address" => Schema.network.required,
    "dst-address" => Schema.network.required,
    "src-port" => Schema.port.default("any"),
    "dst-port" => Schema.port.default("any"),
    "protocol" => Schema.identifier.default("all"),
    # What to do with matching traffic.
    "action" => Schema.identifier.default("encrypt"),
    "level" => Schema.identifier.default("require"),
    "ipsec-protocols" => Schema.identifier.default("esp"),
    "tunnel" => Schema.boolean.default(true),
    "proposal" => Schema.identifier.default("s2b-proposal"),
    "priority" => Schema.int.default(0)
  }
  # Debug aid, left disabled:
  #puts "#{cfg['sa-src-address'].class.name}=>#{cfg['sa-dst-address'].class.name} #{cfg['src-address'].class.name}=>#{cfg['dst-address'].class.name} #{cfg.keys}"
  renderer = self.host.result
  renderer.render_mikrotik(policy_schema, cfg, "ip", "ipsec", "policy")
end