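# Text templates for the racoon(8) configuration and the setkey(8) wrapper
# script this module emits.  Every @@NAME@@ token is a placeholder that the
# caller substitutes; the templates themselves perform no substitution and no
# quoting, so callers must validate the values they splice in.
#
# The here-docs are single-quoted on purpose: in a double-quoted here-doc Perl
# would try to interpolate "@@remote@@" and friends as array variables.

# Top-level racoon.conf.  @@KEY@@ is the path of the pre-shared-key file, not
# the key itself; @@remote@@ and @@sainfo@@ are filled from the two templates
# below.
use constant RACOON_TMPL => <<'EOF';
log debug2;
path pre_shared_key "@@KEY@@";
padding {
    randomize off;
    maximum_length 20;
    exclusive_tail off;
    strict_check off;
}
timer {
    counter 5;
    interval 20 seconds;
    persend 1;
    phase1 30 seconds;
    phase2 15 seconds;
}
@@remote@@
@@sainfo@@
listen {
    isakmp @@client_ip@@;
}
EOF

# Phase-2 (IPsec SA) parameters for the client host <-> remote network pair.
use constant SAINFO_TMPL => <<'EOF';
sainfo address @@client_ip@@/32 any address @@network@@ any {
    pfs_group @@PFS_GROUP@@;
    lifetime time 1 hours;
    encryption_algorithm @@ENCRYPT@@;
    authentication_algorithm @@IDENT@@;
    compression_algorithm deflate;
}
EOF

# Phase-1 (IKE) parameters for the gateway.
# NOTE(review): "aggressive" is listed before "main".  Aggressive mode with a
# pre-shared key sends the identifier in the clear and exposes a PSK-derived
# hash to any passive observer, so the key must be strong and this mode should
# only be kept if the peer genuinely requires it.
use constant REMOTE_SERVER_TMPL => <<'EOF';
remote @@SERVER_IP@@ {
    exchange_mode aggressive, main;
    initial_contact on;
    proposal_check obey;
    support_mip6 on;
    generate_policy off;
    nonce_size 16;
    doi ipsec_doi;
    situation identity_only;
    passive off;
    my_identifier user_fqdn "@@USER_FQDN@@";
    proposal {
        encryption_algorithm @@ENCRYPT@@;
        hash_algorithm @@HASH@@;
        authentication_method pre_shared_key;
        dh_group @@DH_GROUP@@;
        lifetime time 8 minutes;
    }
}
EOF

# Shell script that flushes the SPD/SAD and loads the policies in @@tunnels@@
# (one TUNNEL_TMPL expansion per tunnel).  The inner shell here-doc delimiter
# is quoted so that /bin/sh passes the substituted text to setkey verbatim
# instead of expanding "$..." or backticks that may appear in it.
use constant SCRIPT_TMPL => <<'EOS';
#!/bin/sh
setkey -FP
setkey -F
setkey -c << 'EOF'
@@tunnels@@
EOF
EOS

# One pair of SPD entries (outbound and inbound) for a single ESP tunnel.
use constant TUNNEL_TMPL => <<'EOF';
spdadd @@client_ip@@/32 @@network@@ any -P out ipsec esp/tunnel/@@client_ip@@-@@server_ip@@/require;
spdadd @@network@@ @@client_ip@@/32 any -P in ipsec esp/tunnel/@@server_ip@@-@@client_ip@@/require;
EOF

1;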