{"id":19647872,"url":"https://github.com/nl2go/ansible-role-network-encryption","last_synced_at":"2025-10-25T22:39:30.358Z","repository":{"id":101457713,"uuid":"234281937","full_name":"nl2go/ansible-role-network-encryption","owner":"nl2go","description":"An Ansible Role that manages network encryption between inventory hosts based on IPsec / strongSwan.","archived":false,"fork":false,"pushed_at":"2020-04-08T07:55:07.000Z","size":41,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-30T17:51:11.667Z","etag":null,"topics":["ansible","ansible-role","ipsec","network","network-encryption","strongswan"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/nl2go/network_encryption","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nl2go.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-16T09:22:09.000Z","updated_at":"2024-04-05T14:23:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"e41dad67-5122-4289-b5e6-6835d7a036b1","html_url":"https://github.com/nl2go/ansible-role-network-encryption","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nl2go%2Fansible-role-network-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nl2go%2Fansible-role-network-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nl2go%2Fansible-role-n
etwork-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nl2go%2Fansible-role-network-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nl2go","download_url":"https://codeload.github.com/nl2go/ansible-role-network-encryption/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251741347,"owners_count":21636232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","ipsec","network","network-encryption","strongswan"],"created_at":"2024-11-11T14:46:17.537Z","updated_at":"2025-10-25T22:39:30.268Z","avatar_url":"https://github.com/nl2go.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Travis (.org) branch](https://img.shields.io/travis/nl2go/ansible-role-network-encryption/master)](https://travis-ci.org/nl2go/ansible-role-network-encryption)\n[![Codecov](https://img.shields.io/codecov/c/github/nl2go/ansible-role-network-encryption)](https://codecov.io/gh/nl2go/ansible-role-network-encryption)\n[![Ansible Galaxy](https://img.shields.io/badge/role-nl2go.network_encryption-blue.svg)](https://galaxy.ansible.com/nl2go/network_encryption/)\n[![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/nl2go/ansible-role-network-encryption)](https://galaxy.ansible.com/nl2go/network_encryption)\n[![Ansible Galaxy Downloads](https://img.shields.io/ansible/role/d/46005.svg?color=blue)](https://galaxy.ansible.com/nl2go/network_encryption/)\n\n# Ansible Role: Network 
Encryption\n\nAn Ansible Role that manages network encryption between inventory hosts based on [IPsec](https://de.wikipedia.org/wiki/IPsec) / [strongSwan](https://www.strongswan.org/).\n\n## Requirements\n\n| Name | Type | Version | Location |\n|---|---|---|---|\n| [ansible-filter](https://github.com/nl2go/ansible-filter) | Python package | 1.0.0 | Control node |\n\n\n## Role Variables\n\nAvailable variables are listed below, along with default values (see `defaults/main.yml`):\n\n    network_encryption_charon_port: 500\n \nUDP port used locally. If set to 0, a random port will be allocated (see [strongswan.conf](https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf)).\n\n    network_encryption_port_nat_t: 4500\n    \nUDP port used locally in case of NAT-T. If set to 0, a random port will be allocated. Has to be different from charon.port, otherwise a random port will be allocated (see [strongswan.conf](https://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf)).\n\n    network_encryption_configs:\n      - name: default\n        psk: secret\n        \nConfiguration sets must be configured using the `network_encryption_configs` variable. The `name` of the configuration set is mandatory and\nused for identification. A pre-shared key can be specified using `psk`.\n\n    network_encryption_host_configs:\n      - name: default\n\nHosts can be attached to a configuration set using the `network_encryption_host_configs` variable. Configuration sets are referenced by `name`.\n\n    network_encryption_host_configs:\n      - name: default\n        state: absent\n\nA host can be detached from the configuration set using `state: absent`.\n\n    network_encryption_configs:\n      - name: default\n        interface: eth0\n        psk: secret\n\nThe interface can be specified using the `interface` variable. 
If not specified, it defaults to `ansible_default_ipv4.interface`.\n\n    network_encryption_configs:\n      - name: default\n        psk: secret\n        params:\n            lifetime: 8h\n            \nGeneral connection parameters like `lifetime` may be set within the `params` section (see [ipsec.conf](https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection) for the full parameter description).\n\n    network_encryption_default_config_params:\n      ike: aes256gcm16-prfsha384-modp4096,aes256gcm16-prfsha384-ecp384!\n      esp: aes256gcm16-modp4096,aes256gcm16-ecp384!\n      keyingtries: 0\n      ikelifetime: 1h\n      lifetime: 8h\n      dpddelay: 30\n      dpdtimeout: 120\n      dpdaction: clear\n      authby: secret\n      keyexchange: ikev2\n      type: tunnel\n\nThe `params` within `network_encryption_configs` extend/override the default connection parameters listed above.\n\n    network_encryption_config_dir: \"/etc/ipsec.d/{{ role_name }}\"\n    \nDefines the custom IPsec configuration directory for isolation purposes.\n\n## Tags\n\nTags can be used to limit the role execution to a particular task module. 
The following tags are available:\n\n- `network_encryption`: Covers the full role lifecycle.\n- `network_encryption_install`, `install`: Installs required packages\n- `network_encryption_config`, `config`: Configures required packages\n\n## Dependencies\n\nNone.\n\n## Example Playbook\n\n    - hosts: all\n      roles:\n         - nl2go.network_encryption\n              \n## Development\nUse [docker-molecule](https://github.com/nl2go/docker-molecule) following the instructions to run [Molecule](https://molecule.readthedocs.io/en/stable/)\nor install [Molecule](https://molecule.readthedocs.io/en/stable/) locally (not recommended, version conflicts might appear).\n\n\nUse the following to run tests:\n\n    molecule test --all\n\n## Maintainers\n\n- [build-failure](https://github.com/build-failure)\n\n## License\n\nSee the [LICENSE.md](LICENSE.md) file for details.\n\n## Author Information\n\nThis role was created in 2019 by [Newsletter2Go GmbH](https://www.newsletter2go.com/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnl2go%2Fansible-role-network-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnl2go%2Fansible-role-network-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnl2go%2Fansible-role-network-encryption/lists"}