# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/tmp
	oe=yes
	protostack=klips

# this is a manual conn, to change the default policy for when there is
# no eroute for a particular src/dst combination. This conn is so that
# we can make west as "promiscuous" (i.e. as insecure) as possible while
# testing east.
# Note: this conflicts with the implicit packetdefault conn
conn let-my-people-go
	type=passthrough
	leftsubnet=0.0.0.0/0
	left=%defaultroute
	rightsubnet=0.0.0.0/0
	right=192.1.2.23
	#auto=manual

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common


conn us
	rightsubnet=192.0.1.0/24

conn them
	leftsubnet=192.0.2.0/24