# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	dumpdir=/tmp
	uniqueids=yes
	protostack=netkey

conn north-east
	ikev2=no
	right=192.1.2.23
	rightcert=east
	rightsendcert=always
	rightid=%fromcert
	left=%any
	leftid=%fromcert
	authby=rsasig
	aggressive=yes
	# due to 3.19 bug in sendcert, just load the cert for now
	# this bug is tested in ikev1-aggr-sendcert-01
	leftcert=north
	leftsendcert=always
	ike=aes128-sha1;modp2048
	esp=aes128-sha1