# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug=all
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	protostack=netkey
	dumpdir=/var/tmp

conn ikev2-westnet-eastnet-x509-cr
	left=192.1.2.45
	leftid="%fromcert"
	leftnexthop=192.1.2.23
	leftsubnet=192.0.1.0/24
	leftcert=west-eku-ipsecIKE
	leftsourceip=192.0.1.254
	leftsendcert=alwayssend
	right=192.1.2.23
	rightid="%fromcert"
	rightnexthop=192.1.2.45
	rightsubnet=192.0.2.0/24
	rightsourceip=192.0.2.254
	rightsendcert=alwayssend
	retransmit-interval=15000
	authby=rsasig
	auto=ignore