# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutodebug=all
	plutorestartoncrash=false
	dumpdir=/tmp
	protostack=netkey
	nat_traversal=yes
	nhelpers=3

conn base
	authby=secret
	ike=aes128-sha1;modp2048
	esp=aes128-sha1;modp2048
	pfs=yes

conn c1
	also=base
	left=192.1.2.45
	right=192.1.2.23
	leftsubnets={10.0.1.0/24,10.0.2.0/24,10.0.3.0/24,10.0.4.0/24}
	rightsubnets={10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24}
	auto=add

conn c2
	also=base
	left=192.1.2.46
	right=192.1.2.24
	leftsubnets={10.3.1.0/24,10.3.2.0/24,10.3.3.0/24,10.3.4.0/24}
	rightsubnets={10.4.1.0/24,10.4.2.0/24,10.4.3.0/24,10.4.4.0/24}
	auto=add

conn c3
	also=base
	left=192.1.2.47
	right=192.1.2.25
	auto=add

conn c4
	also=base
	left=192.1.2.48
	right=192.1.2.26
	auto=add

conn c5
	also=base
	left=192.1.2.49
	right=192.1.2.27
	auto=add

conn c6
	also=base
	left=192.1.2.50
	right=192.1.2.28
	auto=add

conn c7
	also=base
	left=192.1.2.51
	right=192.1.2.29
	auto=add

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common