pfsense_ipsec_proposal

Orion Poplawski edited this page Jan 13, 2023 · 4 revisions

pfsensible.core.pfsense_ipsec_proposal


        Manage pfSense IPsec proposals

ADDED IN: version 0.1.0 of pfsensible.core

OPTIONS (= is mandatory):

- apply
        Apply VPN configuration on target pfSense
        default: true
        type: bool

- descr
        The description of the IPsec tunnel on which to create/delete
        the proposal.
        default: null
        type: str

= dhgroup
        DH group. DH groups 1, 2, 22, 23, and 24 provide weak security
        and should be avoided.
        choices: [1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30]
        type: int

= encryption
        Encryption algorithm. aes128gcm, aes192gcm and aes256gcm can
        only be used with IKEv2 tunnels. Blowfish, 3DES and CAST128
        provide weak security and should be avoided.
        choices: [aes, aes128gcm, aes192gcm, aes256gcm, blowfish, 3des, cast128]
        type: str

= hash
        Hash algorithm. MD5 and SHA1 provide weak security and should
        be avoided.
        choices: [md5, sha1, sha256, sha384, sha512, aesxcbc]
        type: str

- key_length
        Encryption key length
        choices: [64, 96, 128, 192, 256]
        default: null
        type: int

- prf
        PRF algorithm. Manual PRF selection is typically not required,
        but can be useful in combination with AEAD Encryption
        Algorithms such as AES-GCM.
        choices: [md5, sha1, sha256, sha384, sha512, aesxcbc]
        default: null
        type: str

- state
        State in which to leave the IPsec proposal.
        choices: [present, absent]
        default: present
        type: str


AUTHOR: Frederic Bor (@f-bor)

METADATA:
  metadata_version: '1.1'
  status:
  - preview
  supported_by: community

EXAMPLES:

- name: Add proposal
  pfsense_ipsec_proposal:
    descr: test_tunnel
    state: present
    encryption: aes128gcm
    key_length: 128
    hash: sha256
    dhgroup: 14
    apply: False

- name: Remove proposal
  pfsense_ipsec_proposal:
    descr: test_tunnel
    state: absent
    encryption: aes128gcm
    key_length: 128
    hash: sha256
    dhgroup: 14
    apply: False


RETURN VALUES:
- commands
        the set of commands that would be pushed to the remote device
        (if pfSense had a CLI)
        returned: always
        sample: ['create ipsec_proposal on ''test_tunnel'', encryption=''aes128gcm'', key_length=128,
            hash=''sha256'', dhgroup=''14''', 'delete ipsec_proposal on ''test_tunnel'', encryption=''aes128gcm'',
            key_length=128, hash=''sha256'', dhgroup=''14''']
        type: list
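
The dhgroup, encryption and hash options above name values that provide weak security. The play below is an added example, not part of the pfsensible.core documentation: it refuses any proposal using those values before the module changes anything. The inventory group `pfsense`, the existing tunnel `test_tunnel`, the variable names and the sample proposals are assumptions.

```yaml
# Added example, not from the pfsensible.core documentation.
# Assumptions: inventory group "pfsense", an existing tunnel described as
# "test_tunnel", and every variable name below are hypothetical.
- name: Enforce proposal policy before configuring pfSense
  hosts: pfsense
  gather_facts: false
  vars:
    # Values the option descriptions above flag as weak.
    weak_dhgroups: [1, 2, 22, 23, 24]
    weak_encryption: [blowfish, 3des, cast128]
    weak_hashes: [md5, sha1]
    # Constructed sample proposals for the tunnel.
    ipsec_proposals:
      - { encryption: aes256gcm, key_length: 128, hash: sha256, dhgroup: 14 }
      - { encryption: aes, key_length: 256, hash: sha512, dhgroup: 21 }
  tasks:
    # A failed assertion stops the play for this host, so the module task
    # below never runs when any proposal in the list is weak.
    - name: Reject any proposal that uses a weak algorithm or DH group
      ansible.builtin.assert:
        that:
          - item.dhgroup not in weak_dhgroups
          - item.encryption not in weak_encryption
          - item.hash not in weak_hashes
        fail_msg: "Weak proposal refused: {{ item }}"
        quiet: true
      loop: "{{ ipsec_proposals }}"

    # aes*gcm proposals additionally require an IKEv2 tunnel (see the
    # encryption option); this play does not check the tunnel's IKE version.
    - name: Create the vetted proposals
      pfsensible.core.pfsense_ipsec_proposal:
        descr: test_tunnel
        state: present
        encryption: "{{ item.encryption }}"
        key_length: "{{ item.key_length }}"
        hash: "{{ item.hash }}"
        dhgroup: "{{ item.dhgroup }}"
      loop: "{{ ipsec_proposals }}"
```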