From 690f05e2888bb862ce300125045f1cb21a0f5856 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Mon, 31 Dec 2012 17:58:22 +0100
Subject: generate the base config from a template -> include everything else

---
 templates/ipsec.conf.erb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 templates/ipsec.conf.erb

(limited to 'templates')

diff --git a/templates/ipsec.conf.erb b/templates/ipsec.conf.erb
new file mode 100644
index 0000000..40a04c1
--- /dev/null
+++ b/templates/ipsec.conf.erb
@@ -0,0 +1,23 @@
+config setup
+        crlcheckinterval=180
+        strictcrlpolicy=no
+        plutostart=no
+
+conn %default
+        ikelifetime=60m
+        keylife=20m
+        rekeymargin=3m
+        keyingtries=1
+        mobike=no
+        keyexchange=ikev2
+        rightsendcert=never
+        leftsendcert=never
+        left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>.asc
+        leftcert=<%= scope.lookupvar('::fqdn') %>.asc
+        leftid=@<%= scope.lookupvar('::fqdn') %>
+
+<% unless scope.lookupvar('strongswan::additional_options').empty? -%>
+<%= scope.lookupvar('strongswan::additional_options') %>
+
+<% end -%>
+include <%= scope.lookupvar('strongswan::config_dir') %>/ipsec.hosts.*.conf
-- 
cgit v1.2.3