# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	protostack=netkey
	plutodebug=all

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

conn westnet-eastnet-ikev2-base
	also=westnet-eastnet

conn westnet-eastnet-ikev2-modp1536
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;modp1536
	esp=aes-sha2;modp1536

conn westnet-eastnet-ikev2-modp2048
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;modp2048
	esp=aes-sha2;modp2048

conn westnet-eastnet-ikev2-modp3072
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;modp3072
	esp=aes-sha2;modp3072

conn westnet-eastnet-ikev2-modp4096
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;modp4096
	esp=aes-sha2;modp4096

conn westnet-eastnet-ikev2-modp8192
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;modp8192
	esp=aes-sha2;modp8192

conn westnet-eastnet-ikev2-dh19
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;dh19
	esp=aes-sha2;dh19

conn westnet-eastnet-ikev2-dh20
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;dh20
	esp=aes-sha2;dh20

conn westnet-eastnet-ikev2-dh21
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;dh21
	esp=aes-sha2;dh21

conn westnet-eastnet-ikev2-dh31
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;dh31
	esp=aes-sha2;dh31
# dh20 is not in east's default proposal list
conn westnet-eastnet-ikev2-dh20-fallback
	also=westnet-eastnet-ikev2-base
	ike=aes-sha2;dh20,aes-sha2;modp2048
	esp=aes-sha2