automatically configure a subnet for all listening ips

author: mh <mh@immerda.ch> 2013-01-03 18:31:05 +0100
committer: mh <mh@immerda.ch> 2013-01-03 18:31:05 +0100
commit: 5ce46c56e0ed95e03c3322f6eba53488a0615207 (patch)
tree: ee2226bad8fb7110d0259b021710cafcaf5cb8fe /templates
parent: 19faa5112c736788ac0ad73eaad8009267be0ad0 (diff)
2 files changed, 4 insertions, 1 deletions
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
index ddaf842..44225d3 100644
--- a/templates/ipsec.conf.erb
+++ b/templates/ipsec.conf.erb
@@ -15,6 +15,9 @@ conn %default
         left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>
         leftcert=<%= scope.lookupvar('::fqdn') %>.asc
         leftid=@<%= scope.lookupvar('::fqdn') %>
+<% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
+        leftsubnet=<%= subn.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
+<% end -%>
 
 <% unless scope.lookupvar('strongswan::additional_options').empty? -%>
 <%= scope.lookupvar('strongswan::additional_options') %>
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index 5a22ca9..a05378c 100644
--- a/templates/remote_host.erb
+++ b/templates/remote_host.erb
@@ -4,7 +4,7 @@ conn <%= name %>
         rightid=@<%= right_id %>
         rightcert=<%= right_cert_name %>.asc
 <% unless right_subnet.empty? -%>
-        rightsubnet=<%= right_subnet.join(',') %>
+        rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
         type=transport
         auto=start
author	mh <mh@immerda.ch>	2013-01-03 18:31:05 +0100
committer	mh <mh@immerda.ch>	2013-01-03 18:31:05 +0100
commit	5ce46c56e0ed95e03c3322f6eba53488a0615207 (patch)
tree	ee2226bad8fb7110d0259b021710cafcaf5cb8fe /templates
parent	19faa5112c736788ac0ad73eaad8009267be0ad0 (diff)