author | Micah Anderson <micah@riseup.net> | 2013-08-10 19:08:08 +0200 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-08-10 19:08:08 +0200 |
commit | f7665a02299ae043b3a0d4c611b057b078fef29b (patch) | |
tree | 8bd84f1edb4d9b58396974f1bc0928f377f0eb7b | |
parent | 7abaf9db50c73eca827df4c4ef9608370bc0f25c (diff) | |
parent | 9bff4b7d2222f3bba58603efde427532d3a5f502 (diff) |
Merge remote-tracking branch 'immerda/master'
Conflicts:
manifests/init.pp
-rw-r--r-- | manifests/init.pp | 4 | ||||
-rw-r--r-- | templates/remote_host.erb | 9 |
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 6306711..e099166 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -68,8 +68,8 @@ class strongswan(
 }
 if $manage_shorewall {
- class { 'shorewall::rules::ipsec':
- source => $strongswan::shorewall_source
+ shorewall::rules::ipsec {
+ $strongswan::shorewall_source:
 }
 if $ipsec_nat {
 include shorewall::rules::ipsec_nat
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index 52639cd..dbe3945 100644
--- a/templates/remote_host.erb
+++ b/templates/remote_host.erb
@@ -7,13 +7,18 @@ conn <%= name %>
 <% if left_id != 'absent' -%>
 leftid=@<%= left_id %>
 <% end -%>
-<% unless left_subnet.empty? %>
+<% unless left_subnet.empty? -%>
 leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
 right=<%= right_ip_address %>
 rightid=@<%= right_id %>
 rightcert=<%= right_cert_name %>.asc
-<% unless right_subnet.empty? -%>
+<% if right_subnet.empty? -%>
+ <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
+ # Override the public subnet definition for the internal links
+ rightsubnet=<%= right_ip_address %>/32
+ <% end %>
+<% else -%>
 rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
 type=transport |
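Review bot: In manifests/init.pp the new `shorewall::rules::ipsec { $strongswan::shorewall_source: }` declaration takes its resource title straight from the variable, and nothing visible in the hunk ensures that variable is set when `$manage_shorewall` is true. The parameter's default lies outside the hunk, so this needs confirming; if it can be undef or empty, the catalog would presumably fail on an empty resource title rather than with a message that points at the missing setting. An explicit check before the declaration would make that case clear, for example `if !$strongswan::shorewall_source { fail('strongswan: shorewall_source must be set when manage_shorewall is true') }`. The body of `class strongswan` starts and ends outside the hunk.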
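Review bot: The new fallback in templates/remote_host.erb always writes `rightsubnet=<%= right_ip_address %>/32`, while the `collect` blocks on the neighbouring `leftsubnet` and `rightsubnet` lines choose `/128` for addresses containing `:`. For an IPv6 peer address a `/32` suffix describes a far wider prefix than the single host, so the traffic selector would no longer be limited to that peer. The same rule should apply here: `rightsubnet=<%= right_ip_address %>/<%= right_ip_address.include?(':') ? '128' : '32' %>`. Separately, `subn` is assigned but never read, and the inner `<% end %>` lacks the `-%>` trimming this commit adds to the `left_subnet` line, so it leaves a blank line in the rendered conn section.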