# /etc/ipsec.conf - Libreswan IPsec configuration file

config setup
	logfile=/tmp/pluto.log
	logtime=no
	logappend=no
	plutodebug="all"
	dumpdir=/tmp
	dnssec-enable=yes
	dnssec-rootkey-file=""
	# dnssec-anchors=/testing/baseconfigs/all/etc/bind/dsset/dsset.all
	dnssec-anchors=/testing/baseconfigs/all/etc/bind/keys/testing.key

conn east
	rightid=@east.testing.libreswan.org
	leftid=%fromcert
	rightcert=east
	left=%any
	# listen only on ipv4
	right=%defaultroute
	rightsubnet=192.0.2.128/25
	narrowing=yes
	leftmodecfgclient=yes
	leftaddresspool=192.0.2.1-192.0.2.10
	modecfgdns="1.2.3.4, 8.8.8.8"
	authby=rsasig

conn road
	leftid=%fromcert
        leftcert=road
        rightid=@east.testing.libreswan.org
        left=%defaultroute
        right=east46.testing.libreswan.org
        narrowing=yes
        leftmodecfgclient=yes
	leftsubnet=0.0.0.0/0
	rightsubnet=192.0.2.128/25
	authby=rsasig