Prefer maching on policy rather than marks.

Also, use ESP tunnel mode instead of transport mode.
author: Guilhem Moulin <guilhem@fripost.org> 2013-11-03 22:25:16 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:50:38 +0200
commit: ad9c840c40d923e0fd1b04a57274cc2ec2e381ec (patch)
tree: ae1f9fbdb938451e8c24151dd4d5723a6bf3fa82 /roles/common/templates
parent: 8f6d93f2c1af4084366cc2d6e835535608fc1e4e (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/roles/common/templates/etc/ipsec.conf.j2 b/roles/common/templates/etc/ipsec.conf.j2
index ceed16a..5ac2dd1 100644
--- a/roles/common/templates/etc/ipsec.conf.j2
+++ b/roles/common/templates/etc/ipsec.conf.j2
@@ -27,7 +27,6 @@ conn %default
     leftfirewall = yes
     rightauth    = pubkey
     rightca      = %same
-    type         = transport
     auto         = start
 
 {% for host in groups.all|sort %}
author	Guilhem Moulin <guilhem@fripost.org>	2013-11-03 22:25:16 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:50:38 +0200
commit	ad9c840c40d923e0fd1b04a57274cc2ec2e381ec (patch)
tree	ae1f9fbdb938451e8c24151dd4d5723a6bf3fa82 /roles/common/templates
parent	8f6d93f2c1af4084366cc2d6e835535608fc1e4e (diff)