### UIS VPN defaults
# Defaults inherited by every conn section in this file (strongSwan ipsec.conf syntax).
conn %default
# Negotiate with IKEv2.
 keyexchange=ikev2
# ikelifetime is the IKE SA lifetime and keylife the CHILD SA lifetime;
# rekeying starts rekeymargin before either one expires.
 ikelifetime=60m
 keylife=20m
 rekeymargin=3m
# Make one negotiation attempt, then give up rather than retrying.
 keyingtries=1
# NOTE(review): per the strongSwan documentation the EAP identity falls back to
# the IKEv2 identity (leftid) when this is unset; confirm what %any is expected
# to do on the initiator side.
 eap_identity=%any
# Rekey the IKE SA without re-running authentication, so the EAP credentials
# are checked only when the tunnel is first established.
 reauth=no

### The University VPN service
conn CAM
# Client authentication settings
# left is the local (client) end; %any leaves the choice of local address to strongSwan.
 left=%any
# Placeholder: replace with your own identity. The matching EAP secret is not
# kept in this file; it belongs in ipsec.secrets, which should be readable by
# root only.
 leftid="username@cam.ac.uk"
 leftauth=eap
# Request a virtual IP address from the server.
 leftsourceip=%config
# Have the updown script add and remove iptables rules for this tunnel.
 leftfirewall=yes

# Server verification settings
# The gateway is accepted only if its certificate subject matches rightid and
# its trust chain contains the CA named in rightca. rightauth is not set here,
# so the default (certificate-based) server authentication presumably applies.
 right="vpn.uis.cam.ac.uk"
 rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=vpn.uis.cam.ac.uk"
 rightca="C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
# Full tunnel for IPv4: every IPv4 destination is routed through the VPN.
# NOTE(review): no IPv6 selector is defined, so IPv6 traffic is not covered by
# this tunnel; confirm that is acceptable on dual-stack hosts.
 rightsubnet=0.0.0.0/0

# Load the connection at IPsec start-up without initiating it; it is brought
# up on demand (for example with "ipsec up CAM").
 auto=add


### The IoA VPN service (vpn.ast.cam.ac.uk)
conn IoA
# Use settings from the CAM connection. Everything not overridden below is
# inherited, including leftid, leftauth, rightca, rightsubnet and auto.
 also=CAM 

# Override verification settings
# Both the gateway address and the expected certificate subject change, so the
# server must present a certificate for vpn.ast.cam.ac.uk; the rightca
# constraint inherited from CAM still applies.
 right="vpn.ast.cam.ac.uk"
 rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=vpn.ast.cam.ac.uk"


### Import global root CA
ca AAA
# Trust anchor read from the system certificate directory. This file decides
# which gateways are trusted, so it should be root-owned and not writable by
# other users.
# NOTE(review): the conn sections in this file pin rightca to the USERTrust RSA
# CA rather than to this root; presumably the gateway's chain links the two
# through a cross-certificate. Verify against the chain the server presents.
  cacert=/etc/ssl/certs/Comodo_AAA_Services_root.pem
# Add the CA at IPsec start-up
  auto=add