# host <%= name %>
<% if !(right_id =~ /#{scope.lookupvar('strongswan::custom_hostname')}/) -%>
conn <%= name %>
<% if left_ip_address != 'absent' -%>
        left=<%= left_ip_address %>
<% end -%>
<% if left_id != 'absent' -%>
        leftid=@<%= left_id %>
<% end -%>
<% unless left_subnet.empty? -%>
        leftsubnet=<%= left_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>
        right=<%= right_ip_address %>
        rightid=@<%= right_id %>
        rightcert=<%= right_cert_name %>.asc
<% if right_subnet.empty? -%>
  <% unless (subn=scope.lookupvar('strongswan::default_left_subnet')).empty? -%>
        # Override the public subnet definition for the internal links
        rightsubnet=<%= right_ip_address %>/32
  <% end %>
<% else -%>
        rightsubnet=<%= right_subnet.collect{|s| s.include?('/') ? s : (s.include?(':') ? "#{s}/128" : "#{s}/32" ) }.join(',') %>
<% end -%>
        type=transport
        auto=start
<% else -%>
# placeholder to not add ourself to the hostlist
# this is due to a limitations how puppet can collect
# exported resources
<% end -%>