{"id":18802279,"url":"https://github.com/oracle-quickstart/oci-ipsec-libreswan","last_synced_at":"2026-01-05T02:30:17.579Z","repository":{"id":106380281,"uuid":"438300883","full_name":"oracle-quickstart/oci-ipsec-libreswan","owner":"oracle-quickstart","description":"Programmatically spin up an environment for quick functional testing of IPSec Customizations leveraging Terraform and Ansible.","archived":false,"fork":false,"pushed_at":"2023-01-26T16:05:47.000Z","size":307,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-12-29T20:16:00.545Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-quickstart.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-14T15:18:32.000Z","updated_at":"2024-04-01T06:17:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"262c1b63-a175-42ac-b083-a0a6bb2c80a9","html_url":"https://github.com/oracle-quickstart/oci-ipsec-libreswan","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-ipsec-libreswan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-ipsec-libreswan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foci-ipsec-libreswan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/oracle-quickstart%2Foci-ipsec-libreswan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-quickstart","download_url":"https://codeload.github.com/oracle-quickstart/oci-ipsec-libreswan/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239735262,"owners_count":19688262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T22:27:19.751Z","updated_at":"2026-01-05T02:30:17.507Z","avatar_url":"https://github.com/oracle-quickstart.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv id=\"top\"\u003e\u003c/div\u003e\n\u003c!--\n*** Thanks for checking out the Best-README-Template. If you have a suggestion\n*** that would make this better, please fork the repo and create a pull request\n*** or simply open an issue with the tag \"enhancement\".\n*** Don't forget to give the project a star!\n*** Thanks again! Now go create something AMAZING! :D\n--\u003e\n\n\n\n\u003c!-- PROJECT SHIELDS --\u003e\n\u003c!--\n*** I'm using markdown \"reference style\" links for readability.\n*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).\n*** See the bottom of this document for the declaration of the reference variables\n*** for contributors-url, forks-url, etc. 
This is an optional, concise syntax you may use.\n*** https://www.markdownguide.org/basic-syntax/#reference-style-links\n--\u003e\n\u003c!-- [![Contributors][contributors-shield]][contributors-url] --\u003e\n\n[![LinkedIn][linkedin-shield]][linkedin-url]\n![GitHubForks][forks-shield]\n![GitHubIssues][issues-shield]\n![GitHubRepoStars][stars-shield]\n![GitHubDownloads][downloads-shield]\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n\n  \u003ch3 align=\"center\"\u003eIPSec Site-to-Site Tunnel with OCI \u0026 Libreswan VPN\u003c/h3\u003e\n\n\u003c/div\u003e\n\n\n\n\u003c!-- TABLE OF CONTENTS --\u003e\n\u003cdetails\u003e\n  \u003csummary\u003eTable of Contents\u003c/summary\u003e\n  \u003col\u003e\n    \u003cli\u003e\n      \u003ca href=\"#about-the-project\"\u003eAbout The Project\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#built-with\"\u003eBuilt With\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#Summary-of-OCI-Networking-and-Compute-Services\"\u003eSummary of OCI Networking and Compute Services\u003c/a\u003e\u003c/li\u003e        \n    \u003cli\u003e\n      \u003ca href=\"#getting-started\"\u003eGetting Started\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#prerequisites\"\u003ePrerequisites\u003c/a\u003e\u003c/li\u003e\n        \u003cli\u003e\u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#Known Issues\"\u003eKnown Issues\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#contact\"\u003eContact\u003c/a\u003e\u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#acknowledgments\"\u003eAcknowledgments\u003c/a\u003e\u003c/li\u003e\n  \u003c/ol\u003e\n\u003c/details\u003e\n\n\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n## About The Project\n\nAs cloud adoption continues to gain momentum in 2021, 
IPSec Tunnels remain a de facto standard for customers to establish secure access across their multi-cloud environments.  IPSec can be thought of as a security framework that consists of protocols responsible for negotiating IPSec parameters and defining how the IPSec protocol encapsulates, authenticates and encrypts the data within the tunnel.  We are pleased to announce the general availability of IPSec Tunnel Customizations for Oracle Cloud Infrastructure (OCI) Site-to-Site VPN Connect v2 service.  We're enabling this feature to address demands for new use cases around flexibility, standardization, compliance and operational efficiency when designing and deploying Site-to-Site IPSec VPN tunnels.\n\nEnabling IPSec Customizations for Site-to-Site VPN tunnels provides the following additional capabilities and benefits:\n\n**Use Cases:**\n\n* Flexibility, Standardization and Compliance  - Customers can now comply with their best practice configuration standards with flexibility to support various combinations of phase 1 and phase 2 IKE proposals and combinations of security association lifetimes, dead peer detection, IKE initiation and NAT translation settings.  For example, it's now possible to send ONLY approved phase 1 and phase 2 parameters to meet internal/external security compliance policies or vendor CPE compatibility. \n* Operational Efficiency - You can now view the security associations for a tunnel within the console to better troubleshoot errors. Additionally, tunnels that use BGP routing will now show the routes received and sent to the Customer-Premises Equipment (CPE) which aids in the verification, validation and troubleshooting of BGP routing over the tunnel.  
Lastly, when Oracle detects an issue that prevents the establishment of an IPSec tunnel, the console will show troubleshooting information to assist with tunnel set up.\n\nThe objective of this project is as follows: Programmatically spin up an environment for quick functional testing of IPSec Customizations leveraging Terraform and Ansible.\n\n\n#### Built With:\n\nBelow are the versions of software that were used at the time this code was created.\n\n* [Libreswan](https://libreswan.org/), version = 4.5\n* [Quagga](https://www.quagga.net/), version = 1.2.0\n* [Terraform](https://www.terraform.io/), version = 1.1.3\n* [OCI Terraform Provider](https://registry.terraform.io/providers/hashicorp/oci/latest), version = 4.58.0\n* [Ansible](https://www.ansible.com/), version = core 2.12.1\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Summary of OCI Networking and Compute Services\n\nThis setup leverages two Oracle Cloud Infrastructure VCNs within the same tenancy - acting as on-premises and cloud data centers.\n\n**Oracle Cloud Infrastructure Side:**\n* VCN\n* Subnet\n* Route Table and Rules\n* Security List and Rules\n* Dynamic Routing Gateway (DRG)\n* Internet Gateway (IGW)\n* IPSec Connection\n* Route Import Distribution Lists and Rules\n* A compute instance for connectivity testing within the OCI VCN\n\n**On-Premises Side:**\n* VCN\n* Subnet\n* Route Table and Rules\n* Security List and Rules\n* Internet Gateway (IGW)\n* A Libreswan compute instance acting as the CPE device in this scenario\n\n## Architecture Diagram\n![Screenshot](./images/architecture.png)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- GETTING STARTED --\u003e\n## Getting Started\n\n### Prerequisites\n1. Install Terraform\n2. Install Ansible\n3. Access to Oracle Cloud Infrastructure\n3. 
Download or clone the repo to your local machine\n  ```sh\n  git clone git@github.com:oracle-quickstart/oci-ipsec-libreswan.git\n  ```\n4. Update the *variables.tf* or *terraform.tfvars* file to match your environment\n5. Update the *libreswan.j2* file with the tunnel IP addresses\n6. Run Terraform\n  ```sh\n  terraform init\n  terraform plan\n  terraform apply\n  ```\n\n\u003c!-- CONTRIBUTING --\u003e\n## Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\".\nDon't forget to give the project a star! Thanks again!\n\n1. Fork the Project\n2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the Branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- CONTACT --\u003e\n## Known Issues\n\n1. IPSec Tunnel Renaming Error\n\nThe following error is a known issue and will occur on the first Terraform apply. As a workaround, re-apply Terraform and the issue will resolve on its own.\n\n```\nError: 409-IncorrectState \n│ Provider version: 4.56.0, released on 2021-12-08.  \n│ Service: Core Ip Sec Connection Tunnel Management \n│ Error Message: Resource ocid1.iterrpsecconnection.oc1.iad.aaaaaaaa27zc7qypdgg47yl3qt7tltnx4no57k2ypxpm63vmcrmamthcciza is in an invalid state Provisioning \n│ OPC request ID: 1e68bf5cb7e3cabcd2b581e272a3786d/EDCB425B3A799CD3DAB519A133EE0443/D85A86FA9B06CF360219D4CA8F309170 \n│ Suggestion: The resource is in a conflicted state. 
Please retry again or contact support for help with service: Core Ip Sec Connection Tunnel Management\n│ \n│ \n│   with oci_core_ipsec_connection_tunnel_management.oci-ipsec-connection-tunnel-management-b,\n│   on networking.tf line 305, in resource \"oci_core_ipsec_connection_tunnel_management\" \"oci-ipsec-connection-tunnel-management-b\":\n│  305: resource \"oci_core_ipsec_connection_tunnel_management\" \"oci-ipsec-connection-tunnel-management-b\" {\n  ```\n\n\u003c!-- CONTACT --\u003e\n## Contact\n\nTroy Levin - feedback_oci_virtual_networking_us_grp@oracle.com\n\nProject Link: [https://github.com/oracle-quickstart/oci-ipsec-libreswan](https://github.com/oracle-quickstart/oci-ipsec-libreswan)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n\n[issues-shield]: https://img.shields.io/github/issues/oracle-quickstart/oci-ipsec-libreswan?logo=GitHub\n[forks-shield]: https://img.shields.io/github/forks/oracle-quickstart/oci-ipsec-libreswan?logo=Github\n[stars-shield]: https://img.shields.io/github/stars/oracle-quickstart/oci-ipsec-libreswan?logo=GitHub\n[linkedin-shield]: https://img.shields.io/badge/-LinkedIn-black.svg?style=flat\u0026logo=linkedin\u0026colorB=555\n[linkedin-url]: https://www.linkedin.com/in/troy-levin-6bb9a94/\n[product-screenshot]: images/screenshot.png\n[downloads-shield]: https://img.shields.io/github/downloads/oracle-quickstart/oci-ipsec-libreswan/total?logo=Github ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-ipsec-libreswan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-quickstart%2Foci-ipsec-libreswan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foci-ipsec-libreswan/lists"}