# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	dumpdir=/tmp
	protostack=netkey
	plutodebug=all
	virtual_private=%v4:192.1.3.0/24

conn %default
	ikev2=no

conn road-east
	also=modecfg-road-east-x509-base
	also=road

conn road
	left=%defaultroute
	retransmit-interval=2500
	retransmit-timeout=6s

conn east-road
	also=modecfg-road-east-x509-base
	also=east

conn east
	left=%any
	leftaddresspool=192.0.2.100-192.0.2.200
	retransmit-interval=2000
	retransmit-timeout=6s
	xauthby=alwaysok

conn modecfg-road-east-x509-base
	leftid=%fromcert
	rightxauthserver=yes
	leftxauthclient=yes
	rightmodecfgserver=yes
	leftmodecfgclient=yes
	right=192.1.2.23
	rightsubnet=0.0.0.0/0
	modecfgpull=yes
	modecfgdns="1.2.3.4, 5.6.7.8"
	leftcert=road
	rightid=%fromcert
	rightcert=east
	keyingtries=1