# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	dumpdir=/var/tmp
	nat_traversal=yes
	#virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.0.0.0/8
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12

conn northnet--eastnet-nat
	also=north-east
	also=eastnet
	also=northnet
	auto=ignore

conn northnet
	leftsubnet=vnet:%priv,%v4:192.0.0.0/8

# /etc/ipsec.conf - Libreswan IPsec configuration file

# conn for simulating OE.
# only used in test oe-fail-without-resp-client-txt-01
conn simulate-OE-east-west-1
	left=192.1.2.23		# east's public
	leftrsasigkey=%dnsondemand
	right=192.1.2.45	# west's public
	rightrsasigkey=%dnsondemand
	rightsubnet=192.0.1.1/32	# sunset's non-OE
	keyingtries=1	# fail quickly

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

conn us
	rightsubnet=192.0.2.0/24

conn them
	leftsubnet=192.0.1.0/24