diff options
| -rw-r--r-- | manifests/base.pp | 13 | ||||
| -rw-r--r-- | manifests/init.pp | 12 |
2 files changed, 12 insertions, 13 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index d31b03b..9f0a38e 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -40,17 +40,4 @@ class strongswan::base { ensure => running, enable => true, } - - if $strongswan::auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') { - # export - @@strongswan::remote_host{$::fqdn: - right_cert_content => $::strongswan_cert, - right_ip_address => $strongswan::default_left_ip_address, - right_subnet => $strongswan::default_left_subnet, - tag => $::fqdn - } - #Strongswan::Remote_Host<<| tag == 'auto' and tag != $::fqdn |>> - Strongswan::Remote_Host<<| tag != $::fqdn |>> - } - } diff --git a/manifests/init.pp b/manifests/init.pp index 5458ed8..35555f6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -43,6 +43,18 @@ class strongswan( } } + if $auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') { + # export myself + @@strongswan::remote_host{$::fqdn: + right_cert_content => $::strongswan_cert, + right_ip_address => $strongswan::default_left_ip_address, + right_subnet => $strongswan::default_left_subnet, + tag => 'strongswan_auto' + } + # collect all other auto exported except myself + Strongswan::Remote_Host<<| tag == 'strongswan_auto' and title != $::fqdn |>> + } + if $manage_shorewall { class{'shorewall::rules::ipsec': source => $strongswan::shorewall_source |