
...

Code Block
languageyml
titleSample CR for gatewayA
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: siteA
spec:
  node: node1
  - gateway: 192.168.1.11
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @moon.strongswan.org
  remote_identifier: @sun.strongswan.org
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_subnet: 10.1.0.1/24
    local_sourceip: 192.168.1.10
    local_firewall: yes
    remote_subnet: 10.2.0.1/24
    remote_firewall: yes
    keyexchange: ikev2
    crypto_proposal: proposal1
  proposals:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072
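Review bot: `pre_shared_key: test123` puts a short, guessable secret directly in the CR spec, and the same value is repeated in all six samples on this page. A weak IKE pre-shared key is open to offline guessing, and anyone with read access to the IPSecSite object sees it in clear text. I would mark it as a placeholder with a comment such as `# sample only: replace with a randomly generated key and restrict read access to this resource`. Separately, `local_identifier: @moon.strongswan.org` and the other values that begin with `@` are not valid plain scalars in YAML and should be quoted, e.g. `local_identifier: '@moon.strongswan.org'`; this applies to the identifier lines in every sample.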

...

Code Block
languageyml
titleSample CR for gatewayB
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: siteB
spec:
  node: node2
  - gateway: 192.168.1.10
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @moon.strongswan.org
  remote_identifier: @sun.strongswan.org
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_subnet: 10.2.0.1/24
    local_sourceip: 192.168.1.11
    local_firewall: yes
    remote_subnet: 10.1.0.1/24
    remote_firewall: yes
    keyexchange: ikev2
    crypto_proposal: proposal1
  proposal:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072
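Review bot: The gatewayB sample carries `local_identifier: @moon.strongswan.org` and `remote_identifier: @sun.strongswan.org`, which is identical to the gatewayA sample rather than mirrored. If gatewayA identifies itself as moon, this side should presumably read `local_identifier: '@sun.strongswan.org'` and `remote_identifier: '@moon.strongswan.org'`, otherwise the peer identity check either fails or no longer distinguishes the two ends. The proposal list is also keyed `proposal:` here but `proposals:` in the gatewayA sample above, so one of the two spellings is presumably not what the CRD expects and should be aligned.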

...

Code Block
languageyml
titleSample CR for gatewayA
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: siteA
spec:
  node: node1
  - gateway: 192.168.1.15
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @sun.strongswan.org
  remote_identifier: @roadwarrior.strongswan.org
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_subnet: 10.1.0.1/24
    local_sourceip: 192.168.1.10
    remote_sourceip: 192.168.1.15
    crypto_proposal: proposal1
  proposal:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072

...

Code Block
languageyml
titlesample CR for roadwarrior
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: roadwarrior
spec:
  node: roadwarrior
-  gateway: 192.168.1.10
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @roadwarrior.strongswan.org
  remote_identifier: @sun.strongswan.org
  crypto_proposal: "proposal1"
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_sourceip: 192.168.1.15
    remote_subnet: 10.1.0.1/24
    remote_sourceip: 192.168.1.10
    crypto_proposal: proposal1
  proposal:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072

...

Code Block
languageyml
titleSample CR for gatewayA
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: siteA
spec:
  node: node1
  - gateway: any
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @moon.strongswan.org
  remote_identifier: @roadwarrior.strongswan.org
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_subnet: 10.1.0.1/24
    local_sourceip: 192.168.1.10
    local_firewall: yes
    remote_sourceip: 10.3.0.1/24
    remote_firewall: yes
    crypto_proposal: "proposal1"
  proposal:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072
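Review bot: `gateway: any` combined with `auth_method: psk` means, as far as the sample shows, that the gateway accepts an initiator from any address, so the only thing guarding the tunnel is the shared key `test123` and the claimed identifier. For a roadwarrior responder I would add a comment along the lines of `# accepts peers from any address: use a unique high-entropy PSK per client, or certificate authentication if the CRD supports it`. The value `remote_sourceip: 10.3.0.1/24` has host bits set for what looks like an address pool; confirm whether `10.3.0.0/24` was intended.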

...

Code Block
languageyml
titleSample CR for roadwarrior
collapsetrue
apiVersion: sdewan.akraino.org/v1alpha1
kind: IPSecSite
metadata:
  name: roadwarrior
spec:
  node: roadwarrior
 - gateway: 192.168.1.10
  pre_shared_key: test123
  auth_method: psk
  local_identifier: @roadwarrior.strongswan.org
  remote_identifier: @moon.strongswan.org
  crypto_proposal: proposal1
  force_crypto_proposal: true
  connection:
  - name: connA
    type: tunnel
    mode: start
    local_sourceip: %config
    local_firewall: yes
    remote_subnet: 10.1.0.1/24
    remote_sourceip: 192.168.1.10
    remote_firewall: yes
    crypto_proposal: "proposal1"
  proposal:
    - name: proposal1
      encryption_algorithm: aes128
      hash_algorithm: sha256
      dh_group: modp3072
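Review bot: `local_sourceip: %config` will not parse, because `%` cannot start a plain scalar in YAML; it should be written `local_sourceip: '%config'`. The `local_firewall: yes` and `remote_firewall: yes` lines, here and in the gateway samples, are read as a boolean by YAML 1.1 loaders and as a string by YAML 1.2 loaders, so the sample should use whichever the CRD field expects explicitly, `'yes'` or `true`.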

...