# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	protostack=netkey

conn nss-cert-incorrect
        left=192.1.2.45
        leftcert=west
        leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org"
	leftsubnet=192.0.1.254/32
        right=192.1.2.23
	# this is misconfigured on purpose, because we connect to east
        rightid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org"
	rightsubnet=192.0.2.254/32
	retransmit-timeout=10s

conn nss-cert-correct
        left=192.1.2.45
        leftcert=west
        leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org"
	leftsubnet=192.0.1.254/32
        right=192.1.2.23
        rightid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org"
	rightsubnet=192.0.2.254/32