# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	protostack=netkey
	plutodebug=all

conn %default
	ikev2=no

conn modecfg-road-eastnet-psk
	also=road-eastnet-psk
	rightmodecfgclient=yes
	rightxauthclient=yes
	rightsubnet=192.0.2.209/32
	leftxauthserver=yes
	leftmodecfgserver=yes
	modecfgdns="1.2.3.4, 5.6.7.8"
	# for openswan test, comment out next two lines
	modecfgdomains="libreswan.org"
	xauthby=alwaysok
	modecfgpull=yes

conn road-eastnet-psk
	also=road-east-psk
	right=%any
	ike=3des-sha1
	aggressive=no
	authby=secret
	leftsubnet=192.0.2.0/24

conn road-east-psk
	left=192.1.2.23
	leftid=@east
	rightid=@roadrandom

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common