# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=yes
	logappend=no
	plutodebug=all
	dumpdir=/tmp
	protostack=netkey

conn %default
	authby=secret
	mobike=yes
	esp=aes256-sha2

conn east-any
	left=%any
	leftaddresspool=192.0.3.10-192.0.3.19
	rightsubnet=0.0.0.0/0
	right=192.1.2.23

conn road-eastnet
	right=192.1.2.23
	left=%defaultroute
	rightsubnet=0.0.0.0/0
	narrowing=yes
	leftmodecfgclient=yes

# useful on road to able to ssh in and dignose
conn clear
	type=passthrough
	authby=never
	left=%defaultroute
	right=%group
	auto=ondemand