# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
ca r2~v2
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r2~v2
        rekeymargin=500
        rekeyfuzz=100%
        left=20.0.0.1
        right=0.0.0.0
        leftsubnet=20.0.0.1/32
        rightsubnet=13.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/cfpu-cert.pem"
        leftid=20.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
ca r1~v1
       cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r1~v1
        rekeymargin=500
        rekeyfuzz=100%
        left=30.0.0.1
        right=0.0.0.0
        leftsubnet=30.0.0.1/32
        rightsubnet=14.0.0.2/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/cfpu2-cert.pem"
        leftid=30.0.0.1
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2