fully auto remote host configuration

we do not only export the certificate, but also the config snippet itself so hosts configure themself fully with an ipsec configuration.
author: mh <mh@immerda.ch> 2012-12-31 18:51:06 +0100
committer: mh <mh@immerda.ch> 2012-12-31 18:51:06 +0100
commit: 492468d87aa6ea31b137fb2361b6bf7da88f3d1d (patch)
tree: e7c33b8a10bc55cc8a7abce811e19c0bb247333b /templates
parent: cf80d8606ff7d4989c8b30550624b9eaa2007e73 (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
index ca0daa9..5527c5f 100644
--- a/templates/ipsec.conf.erb
+++ b/templates/ipsec.conf.erb
@@ -20,4 +20,4 @@ conn %default
 <%= scope.lookupvar('strongswan::additional_options') %>
 
 <% end -%>
-include <%= scope.lookupvar('strongswan::config_dir') %>/ipsec.hosts.*.conf
+include <%= scope.lookupvar('strongswan::config_dir') %>/hosts/*.conf
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
new file mode 100644
index 0000000..4193506
--- /dev/null
+++ b/templates/remote_host.erb
@@ -0,0 +1,8 @@
+# host <%= name %>
+conn <%= name %>
+        right=<%= right_ip_address %>
+        rightid=@<%= right_id %>
+        rightcert=<%= right_cert_name %>.asc
+        type=transport
+        auto=start
+
author	mh <mh@immerda.ch>	2012-12-31 18:51:06 +0100
committer	mh <mh@immerda.ch>	2012-12-31 18:51:06 +0100
commit	492468d87aa6ea31b137fb2361b6bf7da88f3d1d (patch)
tree	e7c33b8a10bc55cc8a7abce811e19c0bb247333b /templates
parent	cf80d8606ff7d4989c8b30550624b9eaa2007e73 (diff)