# /etc/ipsec.conf - Libreswan IPsec configuration file version 2.0 config setup # put the logs in /tmp for the UMLs, so that we can operate # without syslogd, which seems to break on UMLs logfile=/tmp/pluto.log logtime=no logappend=no dumpdir=/tmp protostack=netkey plutodebug=all virtual_private=%v4:192.1.3.0/24 conn %default ikev2=no conn modecfg-road-east also=modecfg-road-east-x509-base also=modecfg-east #also=modecfg-road conn modecfg-road left=%defaultroute conn modecfg-east-20 left=%any also=modecfg-road-east-x509-base leftaddresspool=192.0.2.100-192.0.2.200 conn modecfg-east-21 left=%any also=modecfg-road-east-x509-base leftaddresspool=192.0.2.1-192.0.2.200 conn modecfg-east left=%any leftaddresspool=192.0.2.100-192.0.2.200 conn modecfg-road-east-x509-base auto=ignore leftid=%fromcert rightxauthserver=yes leftxauthclient=yes rightmodecfgserver=yes leftmodecfgclient=yes right=192.1.2.23 rightsubnet=0.0.0.0/0 modecfgpull=yes modecfgdns="1.2.3.4, 5.6.7.8" xauthby=alwaysok leftcert=road rightid=%fromcert rightcert=east