multi-level-ca-strict scenario added
[strongswan.git] / testing / tests / ikev2 / multi-level-ca-strict / hosts / moon / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         crlcheckinterval=180
5         strictcrlpolicy=yes
6         plutostart=no
7
8 ca strongswan
9         cacert=strongswanCert.pem
10         crluri=http://crl.strongswan.org/strongswan.crl
11         auto=add
12
13 conn %default
14         ikelifetime=60m
15         keylife=20m
16         rekeymargin=3m
17         keyingtries=1
18         keyexchange=ikev2
19         left=PH_IP_MOON
20         leftcert=moonCert.pem
21         leftsendcert=ifasked
22         leftid=@moon.strongswan.org
23
24 conn alice
25         leftsubnet=PH_IP_ALICE/32
26         right=%any
27         rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
28         auto=add
29         
30 conn venus
31         leftsubnet=PH_IP_VENUS/32
32         right=%any
33         rightca="C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
34         auto=add