# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	protostack=netkey
	dumpdir=/tmp/

# only used in x509-pluto-02
conn north-east-x509-pluto-02
	ikev2=no
	also=eastnet
	also=northnet
	# Left security gateway, subnet behind it, next hop toward right.
	left=192.1.3.33
	#leftcert=north
	leftnexthop=192.1.3.254
	#leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org"
	leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=*"
	leftca="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org"
	# Right security gateway, subnet behind it, next hop toward left.
	rightid=%fromcert
	rightca="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org"
	right=192.1.2.23
	rightnexthop=192.1.2.254
	rightcert=east
	auto=ignore

include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common