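#cloud-config
# Site-to-site IKEv2 tunnel ("net-net") built with strongSwan and a pre-shared
# key. The ${...} placeholders are substituted by whatever renders this
# template before it is passed as user-data (presumably Terraform
# templatefile - confirm).
#
# NOTE(review): the rendered PSK becomes part of the instance user-data. On
# most clouds user-data can be read back through the metadata service and the
# provider API, so the key is exposed to anything that can reach either one.
# Prefer fetching it from a secret store at boot if that is available.
package_update: true

packages:
  - strongswan
  - iptables

write_files:
  # NOTE(review): SHA-1 and the 1024-bit MODP group (modp1024, DH group 2) are
  # deprecated for IKEv2, and the esp= proposal names no DH group, so rekeyed
  # CHILD_SAs presumably get no PFS. The trailing "!" makes the proposals
  # strict, so the remote peer must be changed in the same step; the values
  # are therefore left as they were. Plan a coordinated move to something like
  # aes256-sha256-modp2048 or stronger on both ends.
  - path: /etc/ipsec.conf
    owner: root:root
    permissions: '0644'
    content: |
      config setup
          charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

      conn net-net
          auto=start
          keyexchange=ikev2
          authby=psk
          left=%any
          leftid=${local_ip}
          leftsubnet=${local_subnet}
          right=${remote_ip}
          rightsubnet=${remote_subnet}
          ike=aes256-sha1-modp1024!
          esp=aes256-sha1!
          dpdaction=restart
          dpddelay=30s
          dpdtimeout=120s

  # Holds the tunnel PSK. write_files defaults to mode 0644, which would leave
  # the key readable by every local user, so restrict it to root explicitly.
  # NOTE(review): a double quote inside ${psk} would break this line; confirm
  # the value is generated from a safe alphabet.
  - path: /etc/ipsec.secrets
    owner: root:root
    permissions: '0600'
    content: |
      ${local_ip} ${remote_ip} : PSK "${psk}"

  # Persist IPv4 forwarding. runcmd executes only on first boot, so a bare
  # "sysctl -w" would be lost on the next reboot and the gateway would stop
  # routing traffic between the two subnets.
  - path: /etc/sysctl.d/99-ipsec-forward.conf
    owner: root:root
    permissions: '0644'
    content: |
      net.ipv4.ip_forward = 1

runcmd:
  # Apply forwarding immediately; the sysctl.d file above covers later boots.
  - sysctl -w net.ipv4.ip_forward=1
  # NOTE(review): iptables is installed but no rules are loaded here; confirm
  # that forwarded traffic is limited to the tunnel subnets elsewhere.
  - systemctl enable --now strongswan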