# /etc/ipsec.conf - Openswan IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
        plutodebug="all"
	plutorestartoncrash=false
	dumpdir=/tmp

conn westnet--eastnet-ikev2
	also=west-east-base
	also=westnet
	also=eastnet
	ikev2=insist
	authby=secret
	#auto=start
	# the ike= line is not on east
	ike=aes128-sha1-modp2048

include	/etc/ipsec.d/ipsec.conf.common

conn us
	rightsubnet=192.0.2.0/24

conn them
	leftsubnet=192.0.1.0/24