# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug=all
	protostack=netkey

conn nss-cert-chain
	ikev2=no
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.1.2.45
        leftcert=west_chain_endcert
	leftsubnet=192.0.1.254/32
        leftid=%fromcert
        leftnexthop=192.1.2.23
	leftsourceip=192.0.1.254
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.1.2.23
        rightid=%fromcert
        #rightcert=east
        rightnexthop=192.1.2.45
	rightsubnet=192.0.2.254/32
	rightsourceip=192.0.2.254
	# test specific options
	leftsendcert=always
	rightsendcert=always
	sendca=issuer