# /etc/ipsec.conf - Libreswan IPsec configuration file config setup logfile=/tmp/pluto.log logtime=no logappend=no plutodebug=all protostack=netkey conn nss-cert # Left security gateway, subnet behind it, next hop toward right. left=192.1.2.45 #leftcert=west leftsubnet=192.0.1.254/32 leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=*" leftca="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" leftnexthop=192.1.2.23 leftsourceip=192.0.1.254 # Right security gateway, subnet behind it, next hop toward left. right=192.1.2.23 rightid=%fromcert rightcert=east rightnexthop=192.1.2.45 rightsubnet=192.0.2.254/32 rightsourceip=192.0.2.254 # test specific options leftsendcert=always rightsendcert=always