# /etc/ipsec.conf - Libreswan IPsec configuration file
#
# see 'man ipsec.conf' and 'man pluto' for more information
#
# For example configurations and documentation, see https://libreswan.org/wiki/

config setup
	# Normally, pluto logs via syslog.
	logfile=/var/log/pluto.log
	#
	# Do not enable debug options to debug configuration issues!
	#
	# plutodebug="control parsing"
	plutodebug=all,private,crypt,crypt-low
	#plutodebug=none
	#
	# NAT-TRAVERSAL support
	# exclude networks used on server side by adding %v4:!a.b.c.0/24
	# It seems that T-Mobile in the US and Rogers/Fido in Canada are
	# using 25/8 as "private" address space on their wireless networks.
	# This range has never been announced via BGP (at least up to 2015)
	#virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
	protostack=netkey


# if it exists, include system wide crypto-policy defaults
include /etc/crypto-policies/back-ends/libreswan.config

# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
include /etc/ipsec.d/*.conf

conn mysubnet
	left=10.38.149.28
	leftsubnet=10.19.19.0/24
	right=10.38.150.199
	rightsubnet=10.20.20.0/24
	rightprotoport=tcp/80
	authby=secret
	auto=add
	ike=3des-md5;modp2048
	ikev2=no
	phase2alg=aes256-sha1

conn myhost
	left=10.38.149.28
	right=10.38.150.199
	authby=secret
	auto=add
	ike=3des-md5;modp2048
	ikev2=no
	phase2alg=aes256-sha1