diff --git a/templates/strongswan-ipsec.conf.mustache b/templates/strongswan-ipsec.conf.mustache
new file mode 100644
index 0000000..56878a7
--- /dev/null
+++ b/templates/strongswan-ipsec.conf.mustache
@@ -0,0 +1,19 @@
+#
+# Mqnaged by CFEngine
+#
+{{#cfg.tunnel}}
+{{#.nets}}
+conn "{{.name}} {{.local}} {{.remote}}"
+ ikelifetime={{.p1_lifetime}}
+ lifetime={{.p2_lifetime}}
+ leftsubnet={{.local}}
+ rightsubnet={{.remote}}
+ left={{.local_ip}}
+ right={{.remote_ip}}
+ esp={{#.p2_encryption}}{{.}}-{{/.p2_encryption}}{{#.p2_hash}}{{.}}-{{/.p2_hash}}modp2048
+ ike={{.p1_encryption}}-{{.p1_hash}}-modp2048
+ auto=route
+ authby=secret
+ keyexchange=ikev1
+{{/.nets}}
+{{/cfg.tunnel}}
diff --git a/templates/strongswan-ipsec.secrets.mustache b/templates/strongswan-ipsec.secrets.mustache
new file mode 100644
index 0000000..50cad22
--- /dev/null
+++ b/templates/strongswan-ipsec.secrets.mustache
@@ -0,0 +1,6 @@
+#
+# Managed by CFEngine
+#
+{{#.cfg.tunnel}}
+{{remote_ip}} : PSK "{{psk}}"
+{{/.cfg.tunnel}}
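Review bot: In strongswan-ipsec.conf.mustache, `keyexchange=ikev1` and `authby=secret` are fixed for every generated conn, so each tunnel is pinned to IKEv1 with a pre-shared key regardless of what the peer supports. IKEv1 is deprecated in favour of IKEv2; consider making the value data-driven, e.g. `keyexchange={{.keyexchange}}`, with ikev2 as the default supplied by the policy. The `ike=` and `esp=` lines take `p1_encryption`, `p1_hash`, `p2_encryption` and `p2_hash` straight from the data, so a weak algorithm name would be rendered unchanged; an allow-list check in the policy that feeds this template would help, though that policy is not visible in this diff. The header comment also reads `# Mqnaged by CFEngine`, where the secrets template spells it `Managed`.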
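Review bot: In strongswan-ipsec.secrets.mustache, `{{psk}}` inside `PSK "{{psk}}"` goes through Mustache's default HTML escaping (assuming CFEngine's renderer follows the standard behaviour), so a secret containing `&`, `<`, `>` or `"` would be written as entities and the rendered key would no longer match the peer's. Switching to `{{{psk}}}` avoids that, but the policy then has to reject PSKs containing `"` or a newline, since either would end the quoted string early; writing the secret in strongSwan's `0s` base64 form sidesteps both problems. The section tag here is `{{#.cfg.tunnel}}` while the conf template uses `{{#cfg.tunnel}}`, so presumably one of the two is unintended. The mode and ownership of the rendered secrets file are set outside this diff and should restrict it to root.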