pfsense_ipsec_proposal

Frederic Bor edited this page Feb 21, 2021 · 4 revisions
> PFSENSE_IPSEC_PROPOSAL    (/home/fbor/ansible/lib/ansible/modules/network/pfsense/pfsense_ipsec_proposal.py)

  Manage pfSense ipsec proposals

  * This module is maintained by The Ansible Community

OPTIONS (= is mandatory):

- apply
  Apply VPN configuration on target pfSense
  [Default: True]
  type: bool

- descr
  The description of the ipsec tunnel on which to create/delete the proposal.
  [Default: None]
  type: str

= dhgroup
  DH group. DH groups 1, 2, 22, 23, and 24 provide weak security and should be avoided.
  (Choices: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30)
  type: int

= encryption
  Encryption algorithm. aes128gcm, aes192gcm and aes256gcm can only be used with IKEv2 tunnels. Blowfish, 3DES and CAST128 provide weak security and should be avoided.
  (Choices: aes, aes128gcm, aes192gcm, aes256gcm, blowfish, 3des, cast128)
  type: str

= hash
  Hash algorithm. MD5 and SHA1 provide weak security and should be avoided.
  (Choices: md5, sha1, sha256, sha384, sha512, aesxcbc)
  type: str

- key_length
  Encryption key length
  (Choices: 64, 96, 128, 192, 256)[Default: (null)]
  type: int

- prf
  PRF algorithm. Manual PRF selection is typically not required, but can be useful in combination with AEAD encryption algorithms such as AES-GCM.
  (Choices: md5, sha1, sha256, sha384, sha512, aesxcbc)[Default: (null)]
  type: str

- state
  State in which to leave the ipsec proposal.
  (Choices: present, absent)[Default: present]
  type: str


AUTHOR: Frederic Bor (@f-bor)
  METADATA:
    status:
    - preview
    supported_by: community
  

EXAMPLES:

- name: Add proposal
  pfsense_ipsec_proposal:
    descr: test_tunnel
    state: present
    encryption: aes128gcm
    key_length: 128
    hash: sha256
    dhgroup: 14
    apply: False

- name: Remove proposal
  pfsense_ipsec_proposal:
    descr: test_tunnel
    state: absent
    encryption: aes128gcm
    key_length: 128
    hash: sha256
    dhgroup: 14
    apply: False


RETURN VALUES:

commands:
    description: the set of commands that would be pushed to the remote device (if pfSense had a CLI)
    returned: always
    type: list
    sample: [
      "create ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'",
      "delete ipsec_proposal on 'test_tunnel', encryption='aes128gcm', key_length=128, hash='sha256', dhgroup='14'",
    ]
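
The weak-algorithm notes in the OPTIONS text can be enforced before a playbook is run. The following is an added example, not code from the module or its author: a small Python check over task arguments that flags the values the page marks as weak and the AES-GCM/IKEv2 restriction. The names audit_proposal, CHECKS and TASKS and the ike_version argument are assumptions made for this example; the IKE version is not an option of this module and must come from the tunnel definition.

```python
# Added example (not part of the pfsense_ipsec_proposal module): audit task
# arguments against the weak-algorithm notes in the OPTIONS text above.
WEAK_DHGROUPS = {1, 2, 22, 23, 24}
WEAK_ENCRYPTION = {"blowfish", "3des", "cast128"}
WEAK_HASHES = {"md5", "sha1"}
GCM_IKEV2_ONLY = {"aes128gcm", "aes192gcm", "aes256gcm"}
# (documented choices, values the page calls weak) per mandatory option
CHECKS = {
    "dhgroup": ({1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28, 29, 30},
                WEAK_DHGROUPS),
    "encryption": ({"aes"} | GCM_IKEV2_ONLY | WEAK_ENCRYPTION, WEAK_ENCRYPTION),
    "hash": ({"md5", "sha1", "sha256", "sha384", "sha512", "aesxcbc"}, WEAK_HASHES),
}


def audit_proposal(args, ike_version=None):
    """Return findings for one task's arguments (empty list means clean).

    ike_version ("ikev1"/"ikev2") is an assumed input: it is not an option of
    this module, so the caller supplies it from the tunnel definition.
    """
    if args.get("state", "present") == "absent":
        return []  # deleting a proposal is never a finding
    findings = []
    for name, (choices, weak) in CHECKS.items():
        value = args.get(name)
        if value is None:
            findings.append(f"{name}: mandatory option is missing")
        elif value not in choices:
            findings.append(f"{name}: {value!r} is not a documented choice")
        elif value in weak:
            findings.append(f"{name}: {value!r} provides weak security")
    if args.get("encryption") in GCM_IKEV2_ONLY and ike_version not in (None, "ikev2"):
        findings.append(f"encryption: {args['encryption']!r} requires an IKEv2 tunnel")
    return findings


# First entry repeats the page's own example; the second is constructed.
TASKS = [
    {"descr": "test_tunnel", "encryption": "aes128gcm", "key_length": 128,
     "hash": "sha256", "dhgroup": 14},
    {"descr": "legacy_tunnel", "encryption": "3des", "hash": "sha1", "dhgroup": 2},
]

if __name__ == "__main__":
    for task in TASKS:
        for finding in audit_proposal(task, ike_version="ikev1"):
            print(f"{task['descr']}: {finding}")
```

When ike_version is left as None the IKEv2 check is skipped, so pass the tunnel's version whenever it is known.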