# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	logfile=/tmp/pluto.log
	logtime=yes
	logappend=no
	plutodebug=all
	dumpdir=/tmp
	protostack=netkey
	dnssec-enable=yes
	dnssec-anchors=/testing/baseconfigs/all/etc/bind/keys/testing.key

conn %default
        rekeymargin=20s
        ikelifetime=90s
        salifetime=300

conn road-east-ikev2
        left=192.1.3.209
	leftid="@north.testing.libreswan.org"
	# north is the mismatched key and dns A record
	# also=road-leftrsasigkey
	also=north-leftrsasigkey
        right=192.1.2.23
	rightrsasigkey=%dnsondemand
        retransmit-interval=2000

include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common