tripleo-ipsec/templates/ipsec-vip-tunnels.conf.j2

# Generated by ansible.
{% if pacemaker_running|bool %}

conn overcloud-{{ current_vip.name }}-vip-tunnel
    left={{ current_vip.ip }}
    leftid=@{{ current_vip.name }}vip
    right=%any
    rightid=@overcloud{{ current_vip.name }}cluster
    authby=secret
    auto=add
    dpdaction=hold
    dpddelay=5
    dpdtimeout=15
    phase2alg={{ ipsec_algorithm }}
    failureshunt=drop
    ikev2=insist

{% endif %}

conn overcloud-{{ current_vip.name }}-node-to-vip-tunnel
    left={{ current_ip }}
    leftid=@overcloud{{ current_vip.name }}cluster
    right={{ current_vip.ip }}
    rightid=@{{ current_vip.name }}vip
    authby=secret
    auto=start
    dpdaction=hold
    dpddelay=5
    dpdtimeout=15
    phase2alg={{ ipsec_algorithm }}
    failureshunt=drop
    ikev2=insist