# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug=all
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	protostack=netkey
	dumpdir=/var/tmp

conn main
	authby=rsasig
	left=%any
	leftid="C=*, ST=*, L=Toronto, O=*, OU=*, CN=*, E=*"
	right=192.1.2.23
	# rightid=@east.testing.libreswan.org
	rightid=%fromcert
	rightcert=east
	rightsendcert=always
	rightca=%same
	leftca=%same

conn other
	authby=rsasig
	left=%any
	leftid=%fromcert
	right=192.1.2.23
	# rightid=@othereast.other.libreswan.org
	rightid=%fromcert
	rightcert=othereast
	rightsendcert=always
	rightca=%same
	leftca=%same