# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug=all
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	protostack=netkey
	dumpdir=/var/tmp

conn main-north
	authby=rsasig
	left=%any
	leftid=%fromcert
	#leftid="C=*, ST=*, L=*, O=*, OU=*, CN=road.testing.libreswan.org, E=*"
	right=192.1.2.23
	#rightid=@north.testing.libreswan.org
	rightid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org"
	#rightid=%fromcert
	rightcert=north
	rightsendcert=always
	rightca=%same
	leftca=%same

conn main-east
	authby=rsasig
	left=%any
	leftid=%fromcert
	#leftid="C=*, ST=*, L=*, O=*, OU=*, CN=west.testing.libreswan.org, E=*"
	right=192.1.2.23
	#rightid=@east.testing.libreswan.org
	rightid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org"
	#rightid=%fromcert
	rightcert=east
	rightsendcert=always
	rightca=%same
	leftca=%same