config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=3
        keyexchange=ikev2
        mobike=no
        rightsendcert=never
        leftsendcert=never
        left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>
        leftcert=<%= scope.lookupvar('strongswan::custom_hostname') %>.asc
        leftid=@<%= scope.lookupvar('strongswan::custom_hostname') %>
<% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
        leftsubnet=<%= subn.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>

<% unless scope.lookupvar('strongswan::additional_options').empty? -%>
<%= scope.lookupvar('strongswan::additional_options') %>

<% end -%>
include <%= scope.lookupvar('strongswan::config_dir') %>/hosts/*.conf