# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /var/tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutodebug="all private"
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/var/tmp
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.0.2.0/24,%v6:!2001:db8:0:2::/64

conn	ikev2-westnet-eastnet-x509-cr
	#rightca="C=ca, ST=Ontario, O=Libreswan, CN=Libreswan test CA for mainca, E=testing.libreswan.org"
	rightca="%any"
	leftca="%any"
	left=192.1.2.45
	leftnexthop=192.1.2.23
	leftid="C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=testing.libreswan.org"
	leftrsasigkey=%cert
	rightid="C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing.libreswan.org"
	right=192.1.2.23
	rightnexthop=192.1.2.45
	rightrsasigkey=%cert
	rightcert=/etc/ipsec.d/certs/east.crt
	rightsendcert=always
	authby=rsasig
	auto=add
	ikev2=yes
	

include /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common