# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug=all
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	protostack=netkey
	dumpdir=/var/tmp

conn ikev2-westnet-eastnet-x509-cr
	authby=rsasig
	#rightca="C=CA, ST=Ontario, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing.libreswan.org"
	rightca="%any"
	left=192.1.2.45
	leftnexthop=192.1.2.23
	leftcert=west
	leftsendcert=always
	#leftid="C=CA, ST=Ontario, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=testing.libreswan.org"
	leftid=%fromcert
	#rightid="C=CA, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing.libreswan.org"
	rightid=%fromcert
	right=192.1.2.23
	rightnexthop=192.1.2.45
	leftca="%any"

conn ikev2-westnet-eastnet-x509-cr-naw
	also=westnet-eastnet-x509
	authby=rsasig
	leftsendcert=always
	#leftid="C=CA, ST=Ontario, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=testing.libreswan.org"
	rightsendcert=always
	#rightid="C=CA/ST=Ontario/O=Libreswan/OU=Test Department/CN=east.testing.libreswan.org/E=testing.libreswan.org"
	
include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common