#conn simulate-OE-east-west-1 loaded #conn us-to-anyone loaded #conn me-to-anyone loaded #conn us-clear loaded #conn us-let-my-dns-go loaded #conn let-my-dns-go loaded #conn us-clear-or-private loaded #conn us-private-or-clear loaded #conn us-private-or-clear-all loaded #conn us-private loaded #conn us-block loaded #conn private-or-clear-all loaded #conn clear loaded #conn clear-or-private loaded #conn private-or-clear loaded #conn private loaded #conn block loaded #conn west-east loaded #conn west-eastnet loaded #conn westnet-east loaded #conn west-east-pass loaded #conn westnet-east-pass loaded #conn west-eastnet-pass loaded #conn westnet-eastnet-ipcomp loaded #conn westnet-eastnet loaded #conn westnet-eastnet-pass loaded #conn westnet-eastnet-drop loaded #conn eastnet loaded #conn westnet loaded #conn west-east-base loaded #conn road-east-base loaded #conn westnet-eastnet-x509 loaded #conn west-east-x509 loaded #conn north-east-x509 loaded #conn north-east loaded #conn us loaded #conn them loaded #conn packetdefault loaded version 2.0 config setup plutorestartoncrash=no oe=yes plutostderrlog=/tmp/pluto.log dumpdir=/tmp # begin conn simulate-OE-east-west-1 conn simulate-OE-east-west-1 left=192.1.2.23 right=192.1.2.45 rightsubnet=192.0.1.1/32 keyingtries=1 auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn simulate-OE-east-west-1 # begin conn us-to-anyone conn us-to-anyone #also = us me-to-anyone left=%opportunistic right=%defaultroute rightnexthop=%defaultroute rightsubnet=192.0.2.0/24 failureshunt=drop auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn us-to-anyone # begin conn me-to-anyone conn me-to-anyone left=%opportunistic right=%defaultroute rightnexthop=%defaultroute failureshunt=drop auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn me-to-anyone # begin conn us-clear conn us-clear #also = clear us left=%group right=%defaultroute rightsubnet=192.0.2.0/24 authby=never auto=ignore type=passthrough # end conn us-clear # begin conn us-let-my-dns-go conn us-let-my-dns-go #also = let-my-dns-go left=%defaultroute leftprotoport=17/%any right=0.0.0.0 rightsubnet=0.0.0.0/0 rightprotoport=17/53 auto=ignore type=passthrough # end conn us-let-my-dns-go # begin conn let-my-dns-go conn let-my-dns-go left=%defaultroute leftprotoport=17/%any right=0.0.0.0 rightsubnet=0.0.0.0/0 rightprotoport=17/53 auto=ignore type=passthrough # end conn let-my-dns-go # begin conn us-clear-or-private conn us-clear-or-private #also = clear-or-private us left=%opportunisticgroup right=%defaultroute rightsubnet=192.0.2.0/24 failureshunt=passthrough auto=ignore type=passthrough # end conn us-clear-or-private # begin conn us-private-or-clear conn us-private-or-clear #also = private-or-clear us left=%opportunisticgroup right=%defaultroute rightsubnet=192.0.2.0/24 failureshunt=passthrough auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn us-private-or-clear # begin conn us-private-or-clear-all conn us-private-or-clear-all #also = private-or-clear us left=%opportunisticgroup right=%defaultroute rightsubnet=192.0.2.0/24 failureshunt=passthrough auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn us-private-or-clear-all # begin conn us-private conn us-private #also = private us left=%opportunisticgroup right=%defaultroute rightsubnet=192.0.2.0/24 failureshunt=drop auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn us-private # begin conn us-block conn us-block #also = block us left=%group right=%defaultroute rightsubnet=192.0.2.0/24 authby=never auto=ignore type=reject # end conn us-block # begin conn private-or-clear-all conn private-or-clear-all #also = private-or-clear left=%opportunisticgroup right=%defaultroute failureshunt=passthrough auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn private-or-clear-all # begin conn clear conn clear left=%group right=%defaultroute authby=never auto=ignore type=passthrough # end conn clear # begin conn clear-or-private conn clear-or-private left=%opportunisticgroup right=%defaultroute failureshunt=passthrough auto=ignore type=passthrough # end conn clear-or-private # begin conn private-or-clear conn private-or-clear left=%opportunisticgroup right=%defaultroute failureshunt=passthrough auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn private-or-clear # begin conn private conn private left=%opportunisticgroup right=%defaultroute failureshunt=drop auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn private # begin conn block conn block left=%group right=%defaultroute authby=never auto=ignore type=reject # end conn block # begin conn west-east conn west-east #also = west-east-base left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn west-east # begin conn west-eastnet conn west-eastnet #also = west-east-base eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn west-eastnet # begin conn westnet-east conn westnet-east #also = west-east-base westnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn westnet-east # begin conn west-east-pass conn west-east-pass #also = west-east-base left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=passthrough # end conn west-east-pass # begin conn westnet-east-pass conn westnet-east-pass #also = west-east-base westnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=passthrough # end conn westnet-east-pass # begin conn west-eastnet-pass conn west-eastnet-pass #also = west-east-base eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=passthrough # end conn west-eastnet-pass # begin conn westnet-eastnet-ipcomp conn westnet-eastnet-ipcomp #also = westnet-eastnet west-east-base westnet eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL compress=yes auto=ignore type=tunnel compress=yes pfs=yes rekey=yes authby=rsasig phase2=esp # end conn westnet-eastnet-ipcomp # begin conn westnet-eastnet conn westnet-eastnet #also = west-east-base westnet eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn westnet-eastnet # begin conn westnet-eastnet-pass conn westnet-eastnet-pass #also = west-east-base westnet eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=passthrough # end conn westnet-eastnet-pass # begin conn westnet-eastnet-drop conn westnet-eastnet-drop #also = west-east-base westnet eastnet left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=drop # end conn westnet-eastnet-drop # begin conn eastnet conn eastnet rightsubnet=192.0.2.0/24 auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn eastnet # begin conn westnet conn westnet leftsubnet=192.0.1.0/24 auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn westnet # begin conn west-east-base conn west-east-base left=192.1.2.45 leftid="@west" leftnexthop=192.1.2.23 leftrsakey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7 right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn west-east-base # begin conn road-east-base conn road-east-base leftid="@road.testing.libreswan.org" leftrsakey=0sAQNxbOBmDqiNrUmn5q4kzBQ6I6pW/g2c8iDh3Y/KDtELBC6G0dASaaa95lV0cZT2kla681hVLzRF4MUCmFkH5ih514Nrwc5aptte49/70WotqcbvAhXeBX0zbg78gUPaT7CcUEAYxHoqHubao4mmfWlSrOnpf4crE/q3J6zH+8Z3bfsTGnpThgfNCItHpH7jkHPUYDilHsk0Zfd5fxjVDbl8JbQoT3P1KrdmpK7M1sXQhug12ocq8HlrXa3smJIq5b4T0rF+MYrThrNytNIEn53phuj6S8qmONin4usCqpUw50i2VqaBNQSY++/B57AqThFZNqt7TjqqT0CQ7tPRELgXwRvWA04GDhqBHHWoOrLdsR0p right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.45 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn road-east-base # begin conn westnet-eastnet-x509 conn westnet-eastnet-x509 #also = west-east-x509 left=192.1.2.45 leftid="C=CA, ST=Ontario, O=Libreswan, L=Toronto, CN=west.testing.libreswan.org, E=west@libreswan.org" leftnexthop=192.1.2.23 leftsubnet=192.0.1.0/24 leftcert=west.crt right=192.1.2.23 rightid="C=ca, ST=Ontario, O=Libreswan, L=Toronto, CN=east.xelerance.com, E=testing.libreswan.org" rightnexthop=192.1.2.45 rightsubnet=192.0.2.0/24 rightcert=east.crt auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn westnet-eastnet-x509 # begin conn west-east-x509 conn west-east-x509 left=192.1.2.45 leftid="C=CA, ST=Ontario, O=Libreswan, L=Toronto, CN=west.testing.libreswan.org, E=west@libreswan.org" leftnexthop=192.1.2.23 leftcert=west.crt right=192.1.2.23 rightid="C=ca, ST=Ontario, O=Libreswan, L=Toronto, CN=east.xelerance.com, E=testing.libreswan.org" rightnexthop=192.1.2.45 rightcert=east.crt auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn west-east-x509 # begin conn north-east-x509 conn north-east-x509 left=192.1.2.49 leftid="C=ca/ST=Ontario/O=Libreswan/CN=north.testing.libreswan.org/Email=testing.libreswan.org" leftnexthop=192.1.2.23 leftcert=north.crt right=192.1.2.23 rightid="C=ca/ST=Ontario/O=Libreswan/CN=east.testing.libreswan.org/Email=testing.libreswan.org" rightnexthop=192.1.2.49 rightcert=east.crt auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn north-east-x509 # begin conn north-east conn north-east left=%any leftid="@north" leftnexthop=192.2.3.254 leftrsakey=0sAQPwDB+4k65xvxQ3qtPV6rUucJovYeRGnfv6T7HaeK/5TcBXDyhEDrfNLS13p5cJYUu13LJbeLYS9MQZSZq7PRsg8DsG1oVeDmJbQM9CaVKs9REMnTiRbzye3mDnsQQRRr63BnU/IMDJrmO54ZenkQIbtEkFOX6vm2gtmf/s8C0lPvQk/cNXgkHx6fTq3sZs7pUiFvspj/CrZTx4ShhFNkyvv6RrUu728HspGZwseoZqC7ZbIqnsMqjPeG65qLl+IRYk4s8yT6JBYjYxX96LoHf9V8v0Qbjq4LJm7UpaqX4EJscDRGPByVZaiAwntCU3uzc/NAlgyZJN14yzwXfv1kQUJFLDGYNBF+z0dqON+0DfuCTR right=192.1.2.23 rightid="@east" rightnexthop=192.1.2.254 rightrsakey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn north-east # begin conn us conn us rightsubnet=192.0.2.0/24 auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn us # begin conn them conn them leftsubnet=192.0.1.0/24 auto=ignore type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp # end conn them # begin conn packetdefault conn packetdefault left=%defaultroute leftnexthop=%defaultroute leftsubnet=0.0.0.0/0 right=%opportunistic rightsubnet=0.0.0.0/0 salifetime=1800 rekey=no keyingtries=3 ikelifetime=3600 auto=route type=tunnel compress=no pfs=yes rekey=yes authby=rsasig phase2=esp failureshunt=passthrough # end conn packetdefault # end of config