From af59d8cbb1437d402d0ed91df38bd3311fddcd7e Mon Sep 17 00:00:00 2001
From: Tobias Herre <tobias.herre@wikimedia.de>
Date: Fri, 27 Oct 2023 00:17:57 +0200
Subject: [PATCH] Initial commit

---
 templates/strongswan-ipsec.conf.mustache    | 19 +++++++++++++++++++
 templates/strongswan-ipsec.secrets.mustache |  6 ++++++
 2 files changed, 25 insertions(+)
 create mode 100644 templates/strongswan-ipsec.conf.mustache
 create mode 100644 templates/strongswan-ipsec.secrets.mustache

diff --git a/templates/strongswan-ipsec.conf.mustache b/templates/strongswan-ipsec.conf.mustache
new file mode 100644
index 0000000..56878a7
--- /dev/null
+++ b/templates/strongswan-ipsec.conf.mustache
@@ -0,0 +1,19 @@
+#
+# Mqnaged by CFEngine
+#
+{{#cfg.tunnel}}
+{{#.nets}}
+conn "{{.name}} {{.local}} {{.remote}}"
+	ikelifetime={{.p1_lifetime}}
+	lifetime={{.p2_lifetime}}
+	leftsubnet={{.local}}
+	rightsubnet={{.remote}}
+	left={{.local_ip}}
+	right={{.remote_ip}}
+	esp={{#.p2_encryption}}{{.}}-{{/.p2_encryption}}{{#.p2_hash}}{{.}}-{{/.p2_hash}}modp2048
+	ike={{.p1_encryption}}-{{.p1_hash}}-modp2048
+	auto=route
+	authby=secret
+	keyexchange=ikev1
+{{/.nets}}
+{{/cfg.tunnel}}
diff --git a/templates/strongswan-ipsec.secrets.mustache b/templates/strongswan-ipsec.secrets.mustache
new file mode 100644
index 0000000..50cad22
--- /dev/null
+++ b/templates/strongswan-ipsec.secrets.mustache
@@ -0,0 +1,6 @@
+#
+# Managed by CFEngine
+#
+{{#.cfg.tunnel}}
+{{remote_ip}} : PSK "{{psk}}"
+{{/.cfg.tunnel}}