# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	interfaces="ipsec0=eth0"

# note that connaddrfamily=ipv6 is kinda a bad option.
# It is only needed if host-host is ipv6 of subnet-subnet
# is ipv6. The latter could be over ipv4 hosts!

conn ipv6-host
	left=2001:db8:1:2::45
	leftnexthop=2001:db8:1:2::23
	right=2001:db8:1:2::23
	rightnexthop=2001:db8:1:2::45
	connaddrfamily=ipv6

conn ipv6-subnet
	left=2001:db8:1:2::45
	leftnexthop=2001:db8:1:2::23
	leftsubnet=2001:db8:0:1::/64
	leftsourceip=2001:db8:0:1::45
	right=2001:db8:1:2::23
	rightnexthop=2001:db8:1:2::45
	rightsubnet=2001:db8:0:2::/64
	rightsourceip=2001:db8:0:2::23/64
	connaddrfamily=ipv6

conn ipv6-subnet-over-v4
	leftsubnet=2001:db8:0:1::/64
	rightsubnet=2001:db8:0:2::/64
	connaddrfamily=ipv6
	left=192.1.2.45
	leftnexthop=192.1.2.23
	right=192.1.2.23
	rightnexthop=192.1.2.45

conn ipv4-subnet-over-v6
	left=2001:db8:1:2::45
	leftnexthop=2001:db8:1:2::23
	leftsubnet=192.0.1.0/24
	leftsourceip=2001:db8:0:1::45
	right=2001:db8:1:2::23
	rightnexthop=2001:db8:1:2::45
	rightsubnet=192.0.2.0/24
	rightsourceip=2001:db8:0:2::23/64
	#connaddrfamily=ipv4