authorMicah Anderson <micah@riseup.net>2013-08-10 19:08:08 +0200
committerMicah Anderson <micah@riseup.net>2013-08-10 19:08:08 +0200
commitf7665a02299ae043b3a0d4c611b057b078fef29b (patch)
tree8bd84f1edb4d9b58396974f1bc0928f377f0eb7b
parent7abaf9db50c73eca827df4c4ef9608370bc0f25c (diff)
parent9bff4b7d2222f3bba58603efde427532d3a5f502 (diff)
Merge remote-tracking branch 'immerda/master'
Conflicts: manifests/init.pp
-rw-r--r--manifests/init.pp4
-rw-r--r--templates/remote_host.erb9
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 6306711..e099166 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -68,8 +68,8 @@ class strongswan(
}
if $manage_shorewall {
- class { 'shorewall::rules::ipsec':
- source => $strongswan::shorewall_source
+ shorewall::rules::ipsec {
+ $strongswan::shorewall_source:
}
if $ipsec_nat {
include shorewall::rules::ipsec_nat
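Review bot: On the new `$strongswan::shorewall_source:` line the firewall source is passed as the resource title with no attributes, so the declaration no longer says what the value means, and nothing visible here checks that it is set when `$manage_shorewall` is true. A one-line comment such as `# title = shorewall source for the IPsec rules` would help, and if the parameter can be empty, a `fail(...)` guard before the declaration would make a misconfigured firewall rule fail loudly instead of compiling with an empty title. This form also presumes that the shorewall module in use declares `shorewall::rules::ipsec` as a defined type rather than a class, which is not visible from this hunk. The `if $manage_shorewall` block continues outside the hunk.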
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index 52639cd..dbe3945 100644
--- a/templates/remote_host.erb
+++ b/templates/remote_host.erb
@@ -7,13 +7,18 @@ conn <%= name %>
<% if left_id != 'absent' -%>
leftid=@<%= left_id %>
<% end -%>
-<% unless left_subnet.empty? %>
+<% unless left_subnet.empty? -%>
leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>
right=<%= right_ip_address %>
rightid=@<%= right_id %>
rightcert=<%= right_cert_name %>.asc
-<% unless right_subnet.empty? -%>
+<% if right_subnet.empty? -%>
+ <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
+ # Override the public subnet definition for the internal links
+ rightsubnet=<%= right_ip_address %>/32
+ <% end %>
+<% else -%>
rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>
type=transport
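Review bot: The new fallback line `rightsubnet=<%= right_ip_address %>/32` hard-codes an IPv4 host prefix, while the `collect` expressions in the same hunk pick `/128` for addresses containing `:`; with an IPv6 `right_ip_address`, `/32` would describe a very large network instead of the single peer, so the traffic selector would be far wider than the comment intends. Assuming `right_ip_address` is a string, choosing the prefix the same way keeps it a host entry: `rightsubnet=<%= right_ip_address %>/<%= right_ip_address.include?(':') ? '128' : '32' %>`. The inner `unless` assigns `subn` but never reads it, and `scope.lookupvar` may not return a String when `strongswan::default_left_subnet` is unset (the value depends on the Puppet version), so `.empty?` could raise or evaluate unexpectedly; it is worth confirming that the variable always has a default. The inner block's closing `<% end %>` lacks the `-%>` trim that this hunk adds to the `left_subnet` line, so it leaves an extra near-empty line inside the conn section, and `<% end -%>` would be consistent. The conn section starts and ends outside the hunk.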