generate the base config from a template -> include everything else

author: mh <mh@immerda.ch> 2012-12-31 17:58:22 +0100
committer: mh <mh@immerda.ch> 2012-12-31 17:58:22 +0100
commit: 690f05e2888bb862ce300125045f1cb21a0f5856 (patch)
tree: 5a93869e8352b4e8511754b13df90641472dc4f2 /templates
parent: cc53a58dfa6aef4791bb77b24d40a05f3e621643 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
new file mode 100644
index 0000000..40a04c1
--- /dev/null
+++ b/templates/ipsec.conf.erb
@@ -0,0 +1,23 @@
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        mobike=no
+        keyexchange=ikev2
+        rightsendcert=never
+        leftsendcert=never
+        left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>.asc
+        leftcert=<%= scope.lookupvar('::fqdn') %>.asc
+        leftid=@<%= scope.lookupvar('::fqdn') %>
+
+<% unless scope.lookupvar('strongswan::additional_options').empty? -%>
+<%= scope.lookupvar('strongswan::additional_options') %>
+
+<% end -%>
+include <%= scope.lookupvar('strongswan::config_dir') %>/ipsec.hosts.*.conf
author	mh <mh@immerda.ch>	2012-12-31 17:58:22 +0100
committer	mh <mh@immerda.ch>	2012-12-31 17:58:22 +0100
commit	690f05e2888bb862ce300125045f1cb21a0f5856 (patch)
tree	5a93869e8352b4e8511754b13df90641472dc4f2 /templates
parent	cc53a58dfa6aef4791bb77b24d40a05f3e621643 (diff)