# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutodebug=all
	plutorestartoncrash=false
	dumpdir=/tmp
	protostack=klips
	nhelpers=1

conn multi
	also=west-east
	ikev2=insist
	ike=aes128-sha1;modp2048
	esp=aes128-sha1;modp2048
	pfs=yes
	leftsubnets={10.0.1.0/24,10.0.2.0/24,10.0.3.0/24,10.0.4.0/24}
	rightsubnets={11.0.1.0/24,11.0.2.0/24,11.0.3.0/24,11.0.4.0/24}

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common