diff options
author | mh <mh@immerda.ch> | 2012-12-31 17:58:22 +0100 |
---|---|---|
committer | mh <mh@immerda.ch> | 2012-12-31 17:58:22 +0100 |
commit | 690f05e2888bb862ce300125045f1cb21a0f5856 (patch) | |
tree | 5a93869e8352b4e8511754b13df90641472dc4f2 /templates | |
parent | cc53a58dfa6aef4791bb77b24d40a05f3e621643 (diff) |
generate the base config from a template -> include everything else
Diffstat (limited to 'templates')
-rw-r--r-- | templates/ipsec.conf.erb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb new file mode 100644 index 0000000..40a04c1 --- /dev/null +++ b/templates/ipsec.conf.erb @@ -0,0 +1,23 @@ +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + mobike=no + keyexchange=ikev2 + rightsendcert=never + leftsendcert=never + left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>.asc + leftcert=<%= scope.lookupvar('::fqdn') %>.asc + leftid=@<%= scope.lookupvar('::fqdn') %> + +<% unless scope.lookupvar('strongswan::additional_options').empty? -%> +<%= scope.lookupvar('strongswan::additional_options') %> + +<% end -%> +include <%= scope.lookupvar('strongswan::config_dir') %>/ipsec.hosts.*.conf |