1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
# /etc/ipsec.conf - Libreswan IPsec configuration file
version 2.0
config setup
ikev1-policy=accept
# put the logs in /tmp for the UMLs, so that we can operate
# without syslogd, which seems to break on UMLs
logfile=/tmp/pluto.log
logtime=no
logappend=no
plutodebug=all
dumpdir=/var/tmp
virtual-private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.0.0.0/8
conn northnet-eastnet-nat
keyexchange=ikev1
# north
left=%any
# Causes failure to orient if it comes in through an include?
# leftsubnet=192.0.3.0/24
leftsubnet=192.0.3.0/24
leftnexthop=192.1.3.254
leftid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org"
# leftcert=north
leftsendcert=always
leftca=%same
# east
right=192.1.2.23
# Causes failure to orient if it comes in through an include?
# rightsubnet=192.0.2.0/24
rightsubnet=192.0.2.0/24
rightnexthop=192.1.2.254
rightid="C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org"
rightcert=east
rightsendcert=always
# this causes breakage
rightca=%same
|
