# /etc/ipsec.conf - Libreswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	protostack=klips
	plutostderrlog=/tmp/pluto.log
	plutorestartoncrash=false
	plutodebug=all
	dumpdir=/var/tmp
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.0.0.0/8

include	/testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common

conn northnet-eastnet-nat
	# north
	left=%any
	also=northnet
	leftnexthop=192.1.3.254
	leftid="C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=testing@libreswan.org"
	# leftcert=north
	leftrsasigkey=%cert
	leftsendcert=always
	leftca=%same
	# east
	right=192.1.2.23
	also=eastnet
	rightnexthop=192.1.2.254
	rightid="C=ca, ST=Ontario, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=testing@libreswan.org"
	rightcert=east
	rightrsasigkey=%cert
	rightsendcert=always