2 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
# Parses @ipsec_config as YAML and appends one "conn" stanza per peer to
# `lines`, with this node (@fqdn) as "left" and the peer as "right".
# NOTE(review): this listing shows only selected lines (the embedded line
# numbers jump), so the matching `end`/`else` lines and the definitions of
# `lines` and `pair` are not visible here.
#
# SECURITY: depending on the Psych version in use, YAML.load can instantiate
# arbitrary Ruby objects from tagged YAML. The origin of @ipsec_config is not
# visible here; unless it is fully trusted, YAML.safe_load (plain data types
# only) is the safer call. Only hashes, arrays and strings are read below.
9 config = YAML.load(@ipsec_config)
# Abort catalog compilation when this node has no entry of its own.
# NOTE(review): `config.keys` raises NoMethodError if the parsed document is
# not a Hash (for example an empty document); there is no visible type check.
11 unless config.keys.include?(@fqdn) then
12 fail("Host #{@fqdn} not found in ipsec config.")
# One pass per host key in the config.
15 config.keys.each do |host|
# `pair` is assigned on a line not shown; presumably the two endpoint
# names. TODO confirm against the full template.
20 connname = pair.join('-')
22 lines << "conn #{connname}"
23 lines << " # left is us (local): #{@fqdn}"
# SECURITY: 'address' (and 'subnet' below) are interpolated verbatim into the
# generated config. No validation is visible in this listing; a value
# containing a newline would add extra lines to the stanza. Validating these
# as IP addresses / CIDR ranges before emitting them would close that gap.
24 lines << " left = #{config[@fqdn]['address']}"
26 lines << " # right is our peer (remote): #{host}"
27 lines << " right = #{config[host]['address']}"
# Tunnel mode is selected as soon as either side declares a 'subnet' key.
29 if config[@fqdn].include?('subnet') or config[host].include?('subnet')
30 lines << " type = tunnel"
31 if config[@fqdn].include?('subnet')
# assumes 'subnet' is an Array of strings (it must respond to #join) - TODO confirm
32 lines << " leftsubnet = #{config[@fqdn]['subnet'].join(', ')}"
34 if config[host].include?('subnet')
35 lines << " rightsubnet = #{config[host]['subnet'].join(', ')}"
# Presumably the else branch (host-to-host, no subnets); the `else` line is
# not shown in this listing.
38 lines << " type = transport"
# The next two entries are written to the generated file as commented-out
# alternatives; only auto=route is active.
# NOTE(review): no authentication or cipher settings (e.g. authby, ike, esp)
# are emitted in the visible lines; presumably they are inherited from a
# default section elsewhere. Confirm before relying on this stanza alone.
41 lines << " #auto=start"
42 lines << " #closeaction=restart"
43 lines << " auto=route"