# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug=all
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	protostack=netkey
	dumpdir=/var/tmp

conn %default
	authby=rsasig
	left=192.1.2.45
	right=192.1.2.23
	rightsendcert=always
	leftid=%fromcert
	rightid=%fromcert
	auto=add

conn west
	leftcert=west

conn west-bcCritical
	leftcert=west-bcCritical

conn west-ekuCritical-eku-emailProtection
	leftcert=west-ekuCritical-eku-emailProtection

conn west-ekuOmit
	leftcert=west-ekuOmit

conn west-ku-keyAgreement
	leftcert=west-ku-keyAgreement

conn west-bcOmit
	leftcert=west-bcOmit

conn west-ekuCritical-eku-ipsecIKE
	leftcert=west-ekuCritical-eku-ipsecIKE

conn west-eku-serverAuth
	leftcert=west-eku-serverAuth

conn west-ku-nonRepudiation
	leftcert=west-ku-nonRepudiation

conn west-ekuCritical
	leftcert=west-ekuCritical

conn west-kuCritical
	leftcert=west-kuCritical

conn west-kuOmit
	leftcert=west-kuOmit

conn west-eku-clientAuth
	leftcert=west-eku-clientAuth

conn west-eku-ipsecIKE
	leftcert=west-eku-ipsecIKE

conn west-ku-keyAgreement-digitalSignature
	leftcert=west-ku-keyAgreement-digitalSignature

conn west-sanCritical
	leftcert=west-sanCritical

conn west-ekuBOGUS-bad
	leftcert=west-ekuBOGUS-bad