-rw-r--r-- | manifests/init.pp | 4 | ||||
-rw-r--r-- | templates/remote_host.erb | 9 |
2 files changed, 9 insertions, 4 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 6306711..e099166 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -68,8 +68,8 @@ class strongswan(
 }
 if $manage_shorewall {
- class { 'shorewall::rules::ipsec':
- source => $strongswan::shorewall_source
+ shorewall::rules::ipsec {
+ $strongswan::shorewall_source:
 }
 if $ipsec_nat {
 include shorewall::rules::ipsec_nat
diff --git a/templates/remote_host.erb b/templates/remote_host.erb
index 52639cd..dbe3945 100644
--- a/templates/remote_host.erb
+++ b/templates/remote_host.erb
@@ -7,13 +7,18 @@ conn <%= name %>
 <% if left_id != 'absent' -%>
 leftid=@<%= left_id %>
 <% end -%>
-<% unless left_subnet.empty? %>
+<% unless left_subnet.empty? -%>
 leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
 right=<%= right_ip_address %>
 rightid=@<%= right_id %>
 rightcert=<%= right_cert_name %>.asc
-<% unless right_subnet.empty? -%>
+<% if right_subnet.empty? -%>
+ <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
+ # Override the public subnet definition for the internal links
+ rightsubnet=<%= right_ip_address %>/32
+ <% end %>
+<% else -%>
 rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
 <% end -%>
 type=transport |
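Review bot: Nothing in this hunk checks that `$strongswan::shorewall_source` is set before the added `shorewall::rules::ipsec { $strongswan::shorewall_source: }` uses it as the resource title. With the old `source =>` parameter an unset value was at least named in the declaration; as a title, an empty or undefined value would presumably fail catalog compilation with a message that never mentions `shorewall_source`. A guard ahead of the declaration would make the failure explicit, for example `if !$strongswan::shorewall_source { fail('strongswan::shorewall_source must be set when manage_shorewall is true') }`. A short comment such as `# the title is the shorewall source the IPsec rules are opened for` would also help, since the defined type is not visible here and the title's meaning has to be inferred. The body of `class strongswan` starts and ends outside the hunk.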
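Review bot: The added `rightsubnet=<%= right_ip_address %>/32` line hard-codes an IPv4 host mask, whereas the two `collect` lines in this template append `/128` to addresses containing `:`; for an IPv6 peer the result is a /32 traffic selector that covers far more than the single host the comment describes. The line could follow the same rule: `rightsubnet=<%= right_ip_address %>/<%= right_ip_address.include?(':') ? 128 : 32 %>`. In the added `unless`, `subn` is assigned but never read, and calling `.empty?` on the `scope.lookupvar` result assumes the variable is always a string or array; if it can be unset, the call may raise or report non-empty depending on what `lookupvar` returns, so that is worth confirming. The inner `<% end %>` lacks the `-` that this same commit adds to the `left_subnet` line, so it leaves a whitespace-only line inside the conn section; `<% end -%>` would match the rest of the template. The conn section starts above the hunk and continues past `type=transport`.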