# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	protostack=netkey

conn nss-cert
	ikev2=no
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.1.2.45
        leftcert=signedbyother
	leftsubnet=192.0.1.254/32
        leftid=%fromcert
        leftnexthop=192.1.2.23
	leftsourceip=192.0.1.254
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.1.2.23
        rightid=%fromcert
        #rightcert=east
	rightca="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org"
        rightnexthop=192.1.2.45
	rightsubnet=192.0.2.254/32
	rightsourceip=192.0.2.254
	# test specific options
	leftsendcert=always
	rightsendcert=always