# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutodebug=all
	dumpdir=/tmp
	nat_traversal=yes

conn northnet-eastnet-nat
	also=eastnet
	also=northnet
	# Left security gateway, subnet behind it, next hop toward right.
	left=192.1.3.33 
	leftnexthop=192.1.3.254
	leftid=@north
	leftrsasigkey=0sAQPwDB+4k65xvxQ3qtPV6rUucJovYeRGnfv6T7HaeK/5TcBXDyhEDrfNLS13p5cJYUu13LJbeLYS9MQZSZq7PRsg8DsG1oVeDmJbQM9CaVKs9REMnTiRbzye3mDnsQQRRr63BnU/IMDJrmO54ZenkQIbtEkFOX6vm2gtmf/s8C0lPvQk/cNXgkHx6fTq3sZs7pUiFvspj/CrZTx4ShhFNkyvv6RrUu728HspGZwseoZqC7ZbIqnsMqjPeG65qLl+IRYk4s8yT6JBYjYxX96LoHf9V8v0Qbjq4LJm7UpaqX4EJscDRGPByVZaiAwntCU3uzc/NAlgyZJN14yzwXfv1kQUJFLDGYNBF+z0dqON+0DfuCTR
	# Right security gateway, subnet behind it, next hop toward left.
	right=192.1.2.23
	rightid=@east
	rightrsasigkey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL
	rightnexthop=192.1.2.254
	auto=ignore
	aggrmode=yes
	ike=3des-sha1-modp1536

# this is a manual conn, to change the default policy for when there is
# no eroute for a particular src/dst combination. This conn is so that
# we can make west as "promiscuous" (i.e. as insecure) as possible while
# testing east.
# Note: this conflicts with the implicit packetdefault conn
conn let-my-people-go
	type=passthrough
	leftsubnet=0.0.0.0/0
	left=%defaultroute
	rightsubnet=0.0.0.0/0
	right=192.1.2.23
	#auto=manual

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common