From aed06e938ff81e2e0c2bdf16357d7da03a04f627 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 12 Apr 2019 14:46:12 +0200
Subject: [PATCH] ipsec: replace auto=start/closeaction=restart with just
 auto=route to avoid restart loops

---
 modules/ipsec/templates/ipsec.conf-10-puppet-peers.conf.erb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/ipsec/templates/ipsec.conf-10-puppet-peers.conf.erb b/modules/ipsec/templates/ipsec.conf-10-puppet-peers.conf.erb
index bde49ce56..43a234594 100644
--- a/modules/ipsec/templates/ipsec.conf-10-puppet-peers.conf.erb
+++ b/modules/ipsec/templates/ipsec.conf-10-puppet-peers.conf.erb
@@ -38,8 +38,9 @@ config.keys.each do |host|
     lines << "  type = transport"
   end
   lines << ""
-  lines << "  auto=start"
-  lines << "  closeaction=restart"
+  lines << "  #auto=start"
+  lines << "  #closeaction=restart"
+  lines << "  auto=route"
   lines << ""
 end
 lines.join("\n")
-- 
2.20.1