# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutodebug="all"
	plutorestartoncrash=false
	dumpdir=/tmp

conn west--east-ikev2
	ikev2=insist
	authby=rsasig
	#auto=start
	left=192.1.2.45
	leftnexthop=192.1.2.23
	leftrsasigkey=%cert
	leftcert=/etc/ipsec.d/certs/east.crt
	leftsendcert=never
	leftid="C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing.libreswan.org"
	rightid="C=ca/ST=Ontario/O=Libreswan/OU=Test Department/CN=west.testing.libreswan.org/E=testing.libreswan.org"
	right=192.1.2.23
	rightnexthop=192.1.2.45
	rightrsasigkey=%cert
	rightcert=/etc/ipsec.d/certs/west.crt
	rightsendcert=never

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

conn us
	rightsubnet=192.0.2.0/24

conn them
	leftsubnet=192.0.1.0/24