# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutodebug="all"
	plutorestartoncrash=false
	dumpdir=/tmp
	protostack=klips
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.0.2.0/24,%v6:!2001:db8:0:2::/64

conn westnet-eastnet-ipv4-psk-ikev2
	leftid=@west
	rightid=@east
	authby=secret
	left=192.1.2.45
	leftsubnet=192.0.1.0/24
	leftnexthop=192.1.2.23
	right=192.1.2.23
	rightsubnet=192.0.2.0/24
	rightnexthop=192.1.2.45
	ikev2=insist
	narrowing=yes