# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/tmp
	protostack=klips
	plutodebug=all
	virtual_private=%v4:192.1.3.0/24
	nat_traversal=yes

conn modecfg-road-east
	also=modecfg-road-east-x509-base
	also=modecfg-east
	#also=modecfg-road

conn modecfg-road
	left=%defaultroute

conn modecfg-east-20
	left=%any
	also=modecfg-road-east-x509-base
	leftaddresspool=192.0.2.100-192.0.2.200

conn modecfg-east-21
	left=%any
	also=modecfg-road-east-x509-base
	leftaddresspool=192.0.2.1-192.0.2.200

conn modecfg-east
	left=%any
	leftaddresspool=192.0.2.100-192.0.2.200

conn modecfg-road-east-x509-base
	auto=ignore
	rightxauthserver=yes
	leftxauthclient=yes
	rightmodecfgserver=yes
	leftmodecfgclient=yes
	right=192.1.2.23
	rightsubnet=0.0.0.0/0
	modecfgpull=yes
	modecfgdns1=1.2.3.4
	modecfgdns2=5.6.7.8
	xauthby=alwaysok
	leftrsasigkey=%cert
	leftcert=road
	rightid=%fromcert
	rightrsasigkey=%cert
	rightcert=east