templates/ipsec.conf.erb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=no

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        mobike=no
        keyexchange=ikev2
        rightsendcert=never
        leftsendcert=never
        left=<%= scope.lookupvar('strongswan::default_left_ip_address') %>.asc
        leftcert=<%= scope.lookupvar('::fqdn') %>.asc
        leftid=@<%= scope.lookupvar('::fqdn') %>

<% unless scope.lookupvar('strongswan::additional_options').empty? -%>
<%= scope.lookupvar('strongswan::additional_options') %>

<% end -%>
include <%= scope.lookupvar('strongswan::config_dir') %>/ipsec.hosts.*.conf