# ipsec.conf
# FlexiPlatform: IPsec configuration file

config setup
        charonstart=yes
        plutostart=no
        uniqueids=no
        charondebug="knl 0,enc 0,net 0"
conn %default
        auto=route
        keyexchange=ikev2
        reauth=no
ca r2~v2
        cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r2~v2
        rekeymargin=50
        rekeyfuzz=100%
        left=13.0.0.2
        right=20.0.0.1
        leftsubnet=13.0.0.2/32
        rightsubnet=20.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/eipu-cert.pem"
        leftid=13.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=0
ca r1~v1
       cacert="/etc/ipsec/certs/ipsec.d/cacerts/cacert.pem"
conn r1~v1
        rekeymargin=50
        rekeyfuzz=100%
        left=14.0.0.2
        right=30.0.0.1
        leftsubnet=14.0.0.2/32
        rightsubnet=30.0.0.1/32
        leftprotoport=1
        rightprotoport=1
        authby=rsasig
        leftcert="/etc/ipsec/certs/ipsec.d/certs/eipu2-cert.pem"
        leftid=14.0.0.2
        rightid=%any
        ike=aes128-md5-modp768!
        esp=aes128-md5!
        type=tunnel
        ikelifetime=10000s
        keylife=5000s
        mobike=no
        auto=route
        reauth=no
        encapdscp=yes
        vrfid=2