# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	protostack=netkey
	dumpdir=/tmp
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.0.1.0/24,%v6:!2001:db8:0:1::/64
	# bogus: should be under "conn" - older versions crashed in parser
	retransmit-interval=200

conn westnet-eastnet-ikev2
	authby=rsasig
	left=192.1.2.45
	leftid="%fromcert"
	leftnexthop=192.1.2.23
	leftsubnet=192.0.1.0/24
	leftcert=west
	right=192.1.2.23
	rightid="%fromcert"
	rightnexthop=192.1.2.45
	rightsubnet=192.0.2.0/24
	rightcert=east
	retransmit-interval=15000 # slow retransmits