#
# remote $title
# 

remote <%= @remote_ip %> {
        exchange_mode main;
        proposal {
		encryption_algorithm <%= @encryption %>;
		hash_algorithm <%= @hash %>;
		dh_group <%= @dh_group %>;
		lifetime time <%= @lifetime %>;
                authentication_method pre_shared_key;
        }
       # generate_policy on;
}

<% @nets.each do |net| -%>
	<%- @salifetime = net['lifetime'] ? net['lifetime'] : "3600 sec" %>
	<%- @saencryption = net['encryption'] ? net['encryption'] : @encryption %>
	<%- @pfs_group = net['pfs_group'] ? net['pfs_group'] : @dh_group %>
	<%- @p2hash = net['hash'] ? net['hash'] : 'hmac_md5'  %>


sainfo address <%= net['local'] %> <%= net['proto'] %> address <%= net['remote'] %> <%= net['proto'] %>
{
	pfs_group <%= @pfs_group %>;
	encryption_algorithm <%= @saencryption %>;
	authentication_algorithm <%= @p2hash %>;
	compression_algorithm deflate;
	lifetime time <%= @salifetime %>;
}
<% end -%>