added multi-level-ca scenario
[strongswan.git] / testing / tests / ikev2 / multi-level-ca / hosts / moon / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         charondebug="cfg 2"
5         crlcheckinterval=180
6         strictcrlpolicy=no
7         plutostart=no
8
9 ca strongswan
10         cacert=strongswanCert.pem
11         crluri=http://crl.strongswan.org/strongswan.crl
12         auto=add
13
14 conn %default
15         ikelifetime=60m
16         keylife=20m
17         rekeymargin=3m
18         keyingtries=1
19         keyexchange=ikev2
20         left=PH_IP_MOON
21         leftnexthop=%direct
22         leftcert=moonCert.pem
23         leftsendcert=ifasked
24         leftid=@moon.strongswan.org
25
26 conn alice
27         leftsubnet=PH_IP_ALICE/32
28         right=%any
29         rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
30         auto=add
31         
32 conn venus
33         leftsubnet=PH_IP_VENUS/32
34         right=%any
35         rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
36         auto=add