# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	protostack=netkey
	plutodebug=all

conn westnet-eastnet-propnum
	also=westnet-eastnet
	# prop 2 matches; same modp to avoid INVALID_KE
	# east: ike=3des-md5;modp2048,aes-sha1;modp2048
	ike=aes-sha1;modp2048,3des-md5;modp2048
	# prop 1 matches
	esp=aes-sha1,3des-md5

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common