added ocsp-multi-level scenario
[strongswan.git] / testing / tests / ikev2 / ocsp-multi-level / hosts / moon / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         crlcheckinterval=180
5         strictcrlpolicy=yes
6         plutostart=no
7
8 ca strongswan
9         cacert=strongswanCert.pem
10         ocspuri=http://ocsp.strongswan.org:8880
11         auto=add
12
13 ca research
14         cacert=researchCert.pem
15         ocspuri=http://ocsp.strongswan.org:8881
16         auto=add
17
18 ca sales
19         cacert=salesCert.pem
20         ocspuri=http://ocsp.strongswan.org:8882
21         auto=add
22
23 conn %default
24         ikelifetime=60m
25         keylife=20m
26         rekeymargin=3m
27         keyingtries=1
28         keyexchange=ikev2
29         left=PH_IP_MOON
30         leftnexthop=%direct
31         leftcert=moonCert.pem
32         leftid=@moon.strongswan.org
33
34 conn alice
35         leftsubnet=PH_IP_ALICE/32
36         right=%any
37         rightca="C=CH, O=Linux strongSwan, OU=Research, CN=Research CA"
38         auto=add
39         
40 conn venus
41         leftsubnet=PH_IP_VENUS/32
42         right=%any
43         rightca="C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA"
44         auto=add