# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/var/tmp

conn	westnet-eastnet-x509-cr
	rightca="C=ca, ST=Ontario, O=Libreswan, CN=Libreswan test CA for mainca, E=testing.libreswan.org"
	leftsendcert=forced
	leftcerttype=0x04
	leftcert=WESTDER.CRT-needs-to-be-created
	leftsubnet=192.0.1.0/24
	rightsubnet=192.0.2.0/24
	# Left security gateway, subnet behind it, next hop toward right.
	left=192.1.2.45
	leftrsasigkey=%cert
	leftnexthop=192.1.2.23
	leftid="C=ca, ST=Ontario, O=Libreswan, L=Toronto, CN=west.testing.libreswan.org, E=testing.libreswan.org"
	# Right security gateway, subnet behind it, next hop toward left.
	right=192.1.2.23
	rightid="C=ca, ST=Ontario, O=Libreswan, L=Toronto, CN=east.testing.libreswan.org, E=testing.libreswan.org"
	rightrsasigkey=%cert
	rightcert=east.crt
	rightnexthop=192.1.2.45


include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common