# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	dumpdir=/tmp
	protostack=netkey
	dnssec-enable=yes
	dnssec-rootkey-file=""
	# dnssec-anchors=/testing/baseconfigs/all/etc/bind/dsset/dsset.all
	dnssec-anchors=/testing/baseconfigs/all/etc/bind/keys/testing.key

conn road-east
        left=192.1.3.209
        leftid="@road.testing.libreswan.org"
        leftrsasigkey=%dnsondemand
        right=192.1.2.23
        rightid="@east"
        rightrsasigkey=0sAQO9bJbr33iJs+13DaF/e+UWwsnkfZIKkJ1VQ7RiEwOFeuAme1QfygmTz/8lyQJMeMqU5T6s0fmo5bt/zCCE4CHJ8A3FRLrzSGRhWPYPYw3SZx5Zi+zzUDlx+znaEWS2Ys1f040uwVDtnG4iDDmnzmK1r4qADy5MBVyCx40pAi67I1/b8p61feIgcBpj845drEfwXCZOsdBCYFJKsHclzuCYK0P0x1kaZAGD6k7jGiqSuFWrY91LcEcp3Om0YL9DTViPZHOVcKw1ibLCnNRiwF9WX60b5d1Jk2r1I4Lt1OfV8VXyLaImpjZTL5T7mSJcR8xtgDCIljgM9fLtN9AJ1QePae+pmc5NGneeOcQ488VRUUjv
        retransmit-interval=2000
	# using auto=add because we restart ipsec and want the conn to load
	auto=add