# Configuration for {{vpnservice.name}}
config setup

conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        authby=psk
        mobike=no

{% for ipsec_site_connection in vpnservice.ipsec_site_connections if ipsec_site_connection.admin_state_up
%}conn {{ipsec_site_connection.id}}
    left={{vpnservice.external_ip}}
    leftsubnet={{vpnservice.subnet.cidr}}
    leftid={{vpnservice.external_ip}}
    leftfirewall=yes
    right={{ipsec_site_connection.peer_address}}
    rightsubnet={{ipsec_site_connection['peer_cidrs']|join(',')}}
    rightid={{ipsec_site_connection.peer_id}}
    auto=route
    dpdaction={{ipsec_site_connection.dpd_action}}
    dpddelay={{ipsec_site_connection.dpd_interval}}s
    dpdtimeout={{ipsec_site_connection.dpd_timeout}}s
    keyexchange={{ipsec_site_connection.ikepolicy.ike_version}}
    ike={{ipsec_site_connection.ikepolicy.encryption_algorithm}}-{{ipsec_site_connection.ikepolicy.auth_algorithm}}-{{ipsec_site_connection.ikepolicy.pfs}}
    ikelifetime={{ipsec_site_connection.ikepolicy.lifetime_value}}s
    {{ipsec_site_connection.ipsecpolicy.transform_protocol}}={{ipsec_site_connection.ipsecpolicy.encryption_algorithm}}-{{ipsec_site_connection.ipsecpolicy.auth_algorithm}}-{{ipsec_site_connection.ipsecpolicy.pfs}}
    type={{ipsec_site_connection.ipsecpolicy.encapsulation_mode}}
    lifetime={{ipsec_site_connection.ipsecpolicy.lifetime_value}}s

{% endfor %}