# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/tmp
	protostack=netkey

conn test1-1-ipv4
	auto=add
	rekey=no
	authby=secret
	type=transport
	left=127.0.0.1
	right=127.0.0.1
	ike=3des-sha1
	phase2=esp
	phase2alg=aes-sha1
	loopback=yes
	labeled_ipsec=yes
	policy_label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
	leftprotoport=tcp/0
	rightprotoport=tcp/4300

conn test1-2-ipv4
	auto=add
	rekey=no
	authby=secret
	type=transport
	left=127.0.0.1
	right=%any
	ike=3des-sha1
	phase2=esp
	phase2alg=aes-sha1
	loopback=yes
	labeled_ipsec=yes
	policy_label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
	leftprotoport=tcp/4300
	rightprotoport=tcp/%any