summaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-05-20 01:19:27 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-05-22 17:53:52 +0200
commit3fafa03aeb3640a86d9cd8c639d085df6a8d085d (patch)
treeba1bc3707aa20e3a80c08b1dd2726524333b3d21 /certs
parent1bdc6a1202f9cabea5f907c4213f2a6f902443b6 (diff)
Set up IPSec tunnels between each pair of hosts.
We use a dedicated, non-routable, IPv4 subnet for IPSec. Furthermore the subnet is nullrouted in the absence of xfrm lookup (i.e., when there is no matching IPSec Security Association) to avoid data leaks. Each host is associated with an IP in that subnet (thus only reachble within that subnet, either by the host itself or by its IPSec peers). The peers authenticate each other using RSA public key authentication. Kernel traps are used to ensure that connections are only established when traffic is detected between the peers; after 30m of inactivity (this value needs to be less than the rekeying period) the connection is brought down and a kernel trap is installed.
Diffstat (limited to 'certs')
-rw-r--r--certs/ipsec/antilop.pem32
-rw-r--r--certs/ipsec/benjamin.pem32
-rw-r--r--certs/ipsec/civett.pem31
-rw-r--r--certs/ipsec/elefant.pem32
-rw-r--r--certs/ipsec/giraff.pem31
-rw-r--r--certs/ipsec/mistral.pem32
6 files changed, 190 insertions, 0 deletions
diff --git a/certs/ipsec/antilop.pem b/certs/ipsec/antilop.pem
new file mode 100644
index 0000000..cdb3809
--- /dev/null
+++ b/certs/ipsec/antilop.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFbjCCA1agAwIBAgIJAK1L1Q45QyGyMA0GCSqGSIb3DQEBDQUAMEcxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzEQ
+MA4GA1UEAwwHYW50aWxvcDAeFw0xNjA1MjExMzIwMjBaFw0yNjA1MTkxMzIwMjBa
+MEcxEDAOBgNVBAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQL
+DAVJUFNlYzEQMA4GA1UEAwwHYW50aWxvcDCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAPZCYTbXuTseBaYueoPorgtGGUe6/e3j5SStzCwb4flNniqqVoCq
+JXxSg72IAmwTrsnUwWx/iNm/g7N15/509rW5mE+YXksoDYORig32F9TtVEinUuHz
+EDh+nYis/YzoOM1ErdDpQL880ydskTaqvKKLGdigaosvFUJMUYhqYPnw1opQIH5r
+6YRqTz9l8GThuA+6Ujb7mlvSv6Pk4pMcRNb3cnDoDD2YJ0U0gOXah6Sw9VEFmh/U
+bv0eietvLTy1RvqiC/I6IpR1kZb5jtTo5EHkXqc2hyDNppAWW59YmIoJNIFuC8/Q
+nFM2d9JIP6RGY0bu5TaYmM4xpnSzgX0dIQ9ysZXP8uqZj/StaONtohxxpqnUiT+X
+hQQdX2sW4/6vAyl5m6ukXqKPwapOuQN2ZDDRHWq68qoPu5w+b9AlKHUnpbxNh6JO
+6M3e09TPg/+uQ8OBw37fRixIvfZlpWeGy513l1NKlnJwkjiR8jmnsbMQ8yKLrXbH
+JXAXHI8J681JALVm1hi1uwr8N58Tg/L1MRpG1vIT9rmdNsUZWEWSmEt6FLWgKs5J
+bMIx4jILrvxxaGOa40G7JuKiaKN7u5RqRm3IBWeoNPQN+axZj2pe3n2AqMZP8a5p
+dYPz0mzE7xTCS++kYcmwHJwlylRbRGmAFHb22T/lnSR4WdaxcShnBI8hAgMBAAGj
+XTBbMBwGA1UdEQQVMBOBEWFkbWluQGZyaXBvc3Qub3JnMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgKkMB0GA1UdDgQWBBQlgc0BvZLpfrqs9jXqUXVxMxYNlzAN
+BgkqhkiG9w0BAQ0FAAOCAgEAIJ85xKCU/s4EbcodFL6walMLsaXKnEHo0oY29EUv
+bGl+1qzlWuedwXti5ND+6a5iO8RMHtexOoQ+GTUBv/wMGgiElvkvtT9FsFxijnh3
+D4a3TqFQTVRTUuJVP/uULe18eScAyWVdArL1NJHDz/GoHjtUdzfCVKgTMNWIx4yC
+E5i3IGJsGDAFLl19N5if+TfGjj90QkH1TzC4jOF6Y3oxkY4ZVwLtb0E/uR/zk8HI
+9wF7lw2/5J+aqyyaWnsd66fzJGk/3lELWJbOvXN6KbS3YcWOhXrOV7ijdZRyaHWo
+jB7nWRjLfb8KUSNXnzq4/8Zs3ka6WeBDB1pd4glcKeaMOdm5K/NspsS8ziGWHeoQ
+XlFFxP/Msw5NlUvlSjZ3qZzNg4550Ci/FweBavGihSCakmkZMvq7Kvg67j6mStZS
+Qm5t+sVTiJ036+m1TcUpfRJ9VPkYFhA25Bk+XKctxTu2Hcs2P9Q60oO3BGkTIoPQ
+uKjE/HtTuLb7RtaMtUs8K1j9Pq9j9F271EAOb7JzQlhEt0w+QQyoiQVPOD0RZ6T3
+LAzXz0qX0fEk2DOf6jCjNJg4TJaWzLaVo4lkTv4dcYSvZlZnDwSX6h/LoizP6zYK
+voqUuBt9+hksXPenDT/lCaYv2w+C4NdzsH4FQ5FUNPVqGdyqA9pynDxrjELkTaNp
+DZw=
+-----END CERTIFICATE-----
diff --git a/certs/ipsec/benjamin.pem b/certs/ipsec/benjamin.pem
new file mode 100644
index 0000000..57c9052
--- /dev/null
+++ b/certs/ipsec/benjamin.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFcDCCA1igAwIBAgIJAJkbw4unO7z/MA0GCSqGSIb3DQEBDQUAMEgxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzER
+MA8GA1UEAwwIYmVuamFtaW4wHhcNMTYwNTIxMTMyMTIwWhcNMjYwNTE5MTMyMTIw
+WjBIMRAwDgYDVQQKDAdGcmlwb3N0MREwDwYDVQQLDAhTU0xjZXJ0czEOMAwGA1UE
+CwwFSVBTZWMxETAPBgNVBAMMCGJlbmphbWluMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAwOODNQ5sdVXFrzAeo9bChbauUP69uXoc6OP/l1xB9kjzmErE
+noAlVjKO05nUE6Uus03/RkEPdyaMCfKarAhbFHaowtylUjUcIsVJkGsem4vRtuLv
+929vLx4TdL8BN5NCMsXOecoI5z//lfJ4YVfpmLQ+OUM8kWNcHOPRpnLLZq/Pwvn9
+3WbzWmxlcmVZUwq66f0N9zBSk8678TikZGx2dJ/HZwigswo0PSxTIbvE2eoDdFoh
+i9RrBxpXTnsxCAXpFIV7SLobw+tQvuv+r2oK5oGOnHIGmJZWVC3bRIb+PPELeB1g
+3TfNz7bP5PRKpXnP0cdK/0J2A+vQqArr8ACsgzxsKUb7t9OASLH14fQ25FJ3nsc+
+CS9snXIxJourd5d2cyhMe3xBo0tzPLC8sc3mwIyuz60o0pOjvIfzlYyldtYk3CTC
+VKMs1UpLnea8DDIvzhWn+TLX2yAKS/KNG0Tw72aLc86ZUVKV0+fkwjRWtIAWSJQZ
+L/tOl4iDyU+T9dG9dDR1KlsfW0JBGTkyZOLZrSBVQvDj/aUQjgc8e54MghJsS5Qd
+AvD2rTO5liqB8YzHY77Nj2d4f5kqBHj41KwtGOQT4nXYI+rdOpkmkMj5kOGoeRIC
+Sv+eszXADnHHtoPS73rjej0gseibSvvm9n3iKkd5mm2N2oZ9Q5pF52CUFfMCAwEA
+AaNdMFswHAYDVR0RBBUwE4ERYWRtaW5AZnJpcG9zdC5vcmcwDAYDVR0TAQH/BAIw
+ADAOBgNVHQ8BAf8EBAMCAqQwHQYDVR0OBBYEFEDI1UY3Ng7TSEMllOYaasPL05JK
+MA0GCSqGSIb3DQEBDQUAA4ICAQCy/YSxqCu6r4H0+XPdoz9TYoIkW3V4f7nupw09
+q6Zhpnl4T5a7WJnY/6Pda9Y+4f1+uR1OMJ+kgH4K6RyCjzobgjEGpVlxBpmA/8Q/
+634zc1cUna/sa7Jd/taTnqTZRbT7C9aZyIkJoN0Cco/k8QI6gvsMmGDh37nS6keB
+opy5XBTVEcysH8JPVlVFwGm+FL7n45GM7A4ju6wujeyAJ9I7IxFJM5d8B5r6zt5L
+MAdMYdPDR6TRyKcmEbsb0Jq+dI8kQFRr0IApIb8m+Z3O0AyBqtdGX+EQIoXijGH0
+NRPN6YKPU1U0Ha2ti3VRalVSHuvk+/kBYNeCZA3DB0QT9obLOj/CrOMutfXtsNUU
+eG7x+L/sjHnVSaKOQ5rtAcoF1GrqAGnmZTN0H9IbAG8/WU9pefNHQt7V5+5xtDmA
+ywMHqRgYQKTD4CRhmGgqcHEr6ls7rhI7YbAoTgwbUMe9kHdVFiE3ZutYSkWln5E0
+Jc/K6LXo0kiwMgsEG98qNzlNRHsvp+UHuKaiuBD28HwLxGo1M5rp3MItm9FoMPpm
+tUcEp2/6RJLrSZNLU6Lx9ZF3HIj0e42e+laIfu46o8ZEIsvwac3iZN/nonxTGaoy
+n4W1AW/F8cXpO0YG7xtyHyTL+d/1WmurpXKgKmE+0mOMeAJjQn9G4aUl+/UkPlGb
+V/aK7w==
+-----END CERTIFICATE-----
diff --git a/certs/ipsec/civett.pem b/certs/ipsec/civett.pem
new file mode 100644
index 0000000..d0de31f
--- /dev/null
+++ b/certs/ipsec/civett.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIJAN3ZQpjOL9/yMA0GCSqGSIb3DQEBDQUAMEYxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzEP
+MA0GA1UEAwwGY2l2ZXR0MB4XDTE2MDUyMTEzMjE1NVoXDTI2MDUxOTEzMjE1NVow
+RjEQMA4GA1UECgwHRnJpcG9zdDERMA8GA1UECwwIU1NMY2VydHMxDjAMBgNVBAsM
+BUlQU2VjMQ8wDQYDVQQDDAZjaXZldHQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDmnVdJXUgGbvTIH9jKK+eIHOkaJMAcC+lXLFAMee9t7YVsyrpmCdt4
+fVTQJFBwp9GiW1Y+dqBQBWvr9z6l/m68CsZOJoJ5Telmcv42tpoDtf0eEANo17/D
+VRbQHJzJmAZQ7OkyPGFSKQy9XUqLq1+OkM+zRuy8TvnUa0mLdHR5ykEJl0P541mW
+yn1LMQON5cRzVMHwTmDSnPhzn+7YQU2sHpHKJaLVPq+yXaN1JoUglySIjlquk6Ji
+paAwMer8CHXnnjoQw+L6/bsZCc02Zz96M/CDqlow88Ut6o6qFR6L3B8go3qgSbbU
+ERB4n9KcyUyhwp+joIE1J2TkEfguumVYrS/j00pHKz1Iug9z0HqXKesWEOwy0f9C
+AbdpEnmk7+3nU8zJVVqmJjbdB2OS4Cy3R0jeNNu4P581NxEktETCSl3+bwAhvTN0
+QAs3mWNLuVEREoPGQr3sUq9kRfKah09VVgSHsQutf6/7A5oNd8zx48Ff3Mn7miS6
+aDbuWPLjCdRYczBO3y2PBQeZDANqa3SSTZvQgRFXnkey1Em1UtMIB3KCTYTuPU7G
+jlm2q+T/f2yL5K3zNrF+6X8HIrFb6xIkoYy6SCNYH2S4bXsRI3KlCFH+mIHuQJg8
+hVTlNOABfOoM9ZXmt+9zkWcy4QQiUA6Rbrtu7JOg34PorIm6XYUANQIDAQABo10w
+WzAcBgNVHREEFTATgRFhZG1pbkBmcmlwb3N0Lm9yZzAMBgNVHRMBAf8EAjAAMA4G
+A1UdDwEB/wQEAwICpDAdBgNVHQ4EFgQUjtpNnjSQRjO6regLVnpSvcnBaxUwDQYJ
+KoZIhvcNAQENBQADggIBAOZgyZp5le0PLCzMU1Qp96jfPUF0u/hdScQ9EVRzXjGT
+S6qhrEv5XYOCxU4XBzika071FaYo8OrEV3oq+Y7MtdQbK3pMKhN7ilSiX/dYFM3t
+cUEHwZ14e5OJ0NZfyWXk0GvGNURqn7r/AZWrfGn+uSe+ndxAZuV363NxQYPVbtTi
+dK81lkyue3CwSGdGh3BgyRrQ86JWvcjpFaCQeOENUtwlBfGDNEwtQ7I52NIEKxpX
+3pDvE0/x14JSx9pO3BXK6SH1zt/8bXiW9A8XEkMoVsAOL1ntrzCCLPM6mP2JEoDD
+vAEr360T5T4cTTym+4Or3gPm9RMwEfca3ZHzZkxUXChKn+YZ4r9kpWVgIxoIGZdd
+ZeoA/oO2feLPHM4whBP6x4tyceoqLyA11Gaj5JKtLJTGIb+1zjni8IVuINuWN/YD
+ZOfn+lGsL/qft2hQ/UopSXDcnVj+dxPdcWaUCfTN3oOqLDSTmcR2bbLmVDL8oMef
+pZlaSIJ6p4dGQAs4lwvROE8WTb6b21rNZy7O4Po2jpH5fhHsxgqEByvloYenaadV
+Oian0DfuKXdI7K4v1kq6UfRRwR3LzNnE9Gy9aeSKyCFZhg67CAeKgt6i5VmgrDGw
+rbIpPky5FUpUHkA1WMxP1Wl1ZESZRVLV2A1rUD4gzZiVV3cEM85r98GSogBleXR7
+-----END CERTIFICATE-----
diff --git a/certs/ipsec/elefant.pem b/certs/ipsec/elefant.pem
new file mode 100644
index 0000000..25561ae
--- /dev/null
+++ b/certs/ipsec/elefant.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFbjCCA1agAwIBAgIJAO+HSCLdxxt9MA0GCSqGSIb3DQEBDQUAMEcxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzEQ
+MA4GA1UEAwwHZWxlZmFudDAeFw0xNjA1MjExMzIyMjFaFw0yNjA1MTkxMzIyMjFa
+MEcxEDAOBgNVBAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQL
+DAVJUFNlYzEQMA4GA1UEAwwHZWxlZmFudDCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBALYLJRUZlY4xnWOJgaUsv9FDkTcTU2FtxMw4QHEL1lBRwl8gWx0O
+2bAfF4Jm9lGEMTjryDrMbx3YfonZ+jC7ZEisPNjuP7VpUgI9VIeN0L0W1f8ROvvB
+ByuRhC+1qitK1uU60jSQ+MdhkGeXz22d6xkthJi9v7ppx62rLlzQaS+GdumOuyvj
+hG3f+Mcw8u0Lw/stZ+PDEiG33DF/iDKWJvxq53SFk22BAsvpE1NfmY4RYZOz2qPK
+JGX2t6HPwwVW93vUKavAgYW2Tpy0iOoBi2zDU90md879Ttsju833NMk6g/RcrY15
+UsGep23LcXw/TGTzZa1Fsi8LxzfBwuTljmEye16j30HALxY7x68PmaPbER3WJy7A
+gvO3QuHKzU8fyTrTCBysCRlEnt37r0LyiAHeoaV3Ij5lXAG/2F5iJHLpW5Gv8uM9
+2wHjTCNTSF3L25rsKHUvNUbO9OcYCVXS2wEiysY/UEqOHW2C2auUmh+I0bbpYjjZ
+Xq/7KeGx43fdnmsG3W+KYtkZr4bvxZkscPAKvIMUx0DL/gjBA7Pv2BgMrF5XSxCj
+moFU8QSp/W4HWvajkwdZOR7dn1WWFL81Ctvbb4ago6u48AY6a4FHP3kbThDyQKDi
+8mL/YU35CiufgPX7N0k/pLYDViyRnC+WOi8Me5CPzZQSj7wtliyvGRKHAgMBAAGj
+XTBbMBwGA1UdEQQVMBOBEWFkbWluQGZyaXBvc3Qub3JnMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgKkMB0GA1UdDgQWBBQ6/gMd6OCGn7QXO073QppLV5GfJDAN
+BgkqhkiG9w0BAQ0FAAOCAgEAVUOkssSdKXMP95GcnbIeGCCcZ3/mieYfOHZ4ndPV
+BaGd/4hmey29YNszRaAbAUOvdvnWHl3lcfgeu7H+qzKX/RpWnliL1CvtxNQ8ePor
+dNYpr6ah0MTwiP2dfxX6tLyH+rGaADz6IkeFZ/ZKO7CPcxfedjmY7Snk4mCDVmbZ
+XkDd1EkGePF6zU5wy/TRrckmoUm2cL2wXLv7hvIcDvKYta02+WspdRtKciw2RcNE
+2igIfTt69U6U4e5+g4jXTW3gI8wM2xjr1NDrzTTE8519mmpsfrQeOBHKOJgWjJWJ
+PjSwuaYrUIlYqB4mqL2BhakIuuH8P8Z68F9qelICiiSMGZu4wvZpIEDetaB0NlWP
+u5YE8kG/xD85p1bFC9H5/e7f8LKQz/ZxpazsKlUvMB0q4WBpTcoBrjnfjprLOjf8
+aeJ0kcAUSy8pR49rq7k9j8+onDqGoVV9mzAH9hzD1itU0hHKEB0uKH48XMRBhnUn
+ViXQZHRDuYDuUbvvKzss/Ul85S2OGwKWKUhOocFtDj57p38yCgbhffm31ja/N3Td
+hPLDA9u9oIL6Hh5GzDGdx7z4MoV1eTAQqCK/rk7XVHyt9hb1ADRETLT2NlgovkQq
+TFlHZ/9hCGAW8IcqzTDA4yCJ3XHZ8WLaUr9t3Rr7mUUnIB9cRJoZd3lkt/2bdvEI
+OHI=
+-----END CERTIFICATE-----
diff --git a/certs/ipsec/giraff.pem b/certs/ipsec/giraff.pem
new file mode 100644
index 0000000..1abb655
--- /dev/null
+++ b/certs/ipsec/giraff.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIJAJJw5lIqPzO2MA0GCSqGSIb3DQEBDQUAMEYxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzEP
+MA0GA1UEAwwGZ2lyYWZmMB4XDTE2MDUyMTEzMjI0N1oXDTI2MDUxOTEzMjI0N1ow
+RjEQMA4GA1UECgwHRnJpcG9zdDERMA8GA1UECwwIU1NMY2VydHMxDjAMBgNVBAsM
+BUlQU2VjMQ8wDQYDVQQDDAZnaXJhZmYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDFN5v7clsY27jVOmh4kHMiPqcLSb7IEeYZNHnvRd1Vm6F/HRsniXCq
+dujue1aoLscVLQMeiQd2R0g0oLIue8DG7FaQreWFmAmUK7kwsocQYZwgzLMvOtmc
+0eGnG4B4xJjQTDTAuetv8zVJAoclJTxki3oOlyUKvoRU67q0hD93xguyKxxwGMnL
+4qbrLcf7BrwTF2khWOEOy/PaYQDWxDFtoG6Z/HtG+PmiLD0EPbawZ3iUPXWCmXz3
+lftK+D4vL74MYRc6uy10XYT2yY0Lo9wxtPh1a918IBOuD+fP89povs/BWhI2BYyY
+NplXJAzgkNz8zA/UmRuLcy6SoXx8YLsIaiDOL9bV3WzhdTXwQ17DqLY2SYktcp5i
+Q5uC5IRLCY7moCTOMjeg6RDXaIz9DsShT0SNpxuZx/XF5g6HV/CdKMjNzKojPuMX
+rBiVCIM/sp+r1p9rk7jDWy2sbS0TXOMFQf+scf2BZtFipoNZDhNZ3LfYg+HI9Zjo
+Ic4GqSXQ5kS1n7OXxrh7XZCo/PzjVRxtJGnQCFEBtuGT10jF1Il7c4QPJgOa/XI0
+4OZE+nHcSfZjFXo1+hlJYcE+IggRSW+UzmKxbZYMrfKfgf+zwuaL3EC2XgzBuUjr
+YptvXT+AtC2eThwvts4TmE7WBsGMqgIt5BPkrgqILD+c16ty4uBqlQIDAQABo10w
+WzAcBgNVHREEFTATgRFhZG1pbkBmcmlwb3N0Lm9yZzAMBgNVHRMBAf8EAjAAMA4G
+A1UdDwEB/wQEAwICpDAdBgNVHQ4EFgQUTdOW7rIhDPUoInZJ3KBO+tvvHMEwDQYJ
+KoZIhvcNAQENBQADggIBADpn7Cv7Ua6jcA3gDfWqyx9DXH8q213b8ZSTiGdkwQjh
+7DMM98u04cOKu/PLDQKbsW5IldZnd7vcPOowp40LlXoXWfmJFOHUtjmWzHieqLnn
+9uxwVgqx1vtCP+XXNEKHc0LlVsRze0LQJducjtrV8cIOd7nnXyXwr5dc4Cb+u3SB
+28gwuUSapdnCpTKKNoWgFeRAxQMaaV1v3lfkO4UKdT4bHNl+9b4BhOKCVB6ujgvC
+R+iUoz2MAaP62m6f4pIPq+ftlaZFCbss6O6aCgqyCtt+8bTJZoGmig3iDzvzMK6D
+lYf8i9rnTeBglBA7pcVzpmDFdMLIod6fpFnVpnun6fxyuS23ch9aJR4osuGVVLY/
+zasF7bbYHQJcggCTdK3ZdCnTV8BjEXBtzJ5b4pD4x+EBeohZ3gV57Wlyr2RHhu7s
+IIDC9yp5B32gFhq58rKQz81cMC21eX25OiRFuLSP6DDQAuJYP3ULEs0GiGnG1+ly
+pMTbXMwmQAr/GPQutGLqVgv8OqtxkBiPj0ntuucyjq5u+6AQz5v+4rc9gTbzYenU
+io9pHYZJ5FQWHs1ouy3BAJstvn2HkKBBJu2SA8PfNw3WFysK6ERKEMjtIl/KASze
+X/TgfTYkoaDqFtJdK1eRlipWiIqBbqb3A3h4XpiDIXg7QcdNLnT4I2AkBs2n9Nv6
+-----END CERTIFICATE-----
diff --git a/certs/ipsec/mistral.pem b/certs/ipsec/mistral.pem
new file mode 100644
index 0000000..5267b8e
--- /dev/null
+++ b/certs/ipsec/mistral.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFbjCCA1agAwIBAgIJAIUSa/zsUYWuMA0GCSqGSIb3DQEBDQUAMEcxEDAOBgNV
+BAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQLDAVJUFNlYzEQ
+MA4GA1UEAwwHbWlzdHJhbDAeFw0xNjA1MjExMzIzMDlaFw0yNjA1MTkxMzIzMDla
+MEcxEDAOBgNVBAoMB0ZyaXBvc3QxETAPBgNVBAsMCFNTTGNlcnRzMQ4wDAYDVQQL
+DAVJUFNlYzEQMA4GA1UEAwwHbWlzdHJhbDCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBANHZ/qp0B3rFnhwHyXLXiLjrrDtfjTamYl/b0RSRv4DMQ3dml8hR
+jFjr6P4f/UJkIHev0g1MwOXEaH2QqMFBq7YNsCnEPyUdokNZ2MEk6RcaKzixLJZr
+hW1zQE6E44S3x1ZJzoqP2U4VA8nCKObIqsBcsciIBH8G2zTUz8oiNphUTn19XNq1
+K+wyqUX7O/ltq+ouUC/dQcLaS/CJIGAu9qqEZphou4W46kxXsApMgIY+9uD8bTCn
+tsRTtFdsEDDoL5tpZTndVRktavC2jV8DOTlSaX3QjlpParLFZR24KQUEJkjprixx
+xZ5Rbs7FhxCWjBd9PCS9aCr2dmjC5p9dQNFb5HOJTNkFQ5/UqmvKmOi95YPE+4LD
+4pN5w597L04yGVjokN+yanLpk91HNn3j4psMYgaHPRcefyZnZ64nNB5QZL8NVgGs
+L5IriWYzBKJyJhdtbZDIbjFIWBTBMy3H0eWZ3Lq43WH+F2jCUj4T+GRTwC3WZ+Xx
+lM/MdnPjDY+sOaRyh1Q9A6xzd38S1Pb/5s35Yq6TET/0jMFg7nuCEiEljBldhEoF
+TcvHa7K33myRFRx0oU6lALHEQ/3Q8fOcvUop14aFQPbSDfi4b2LmprXbDyeT1AaG
+zQl/fsknriQTHhBK6Sthk2nl7EQDu4wnsekGKFIdubNGaMrMvgI1ezqXAgMBAAGj
+XTBbMBwGA1UdEQQVMBOBEWFkbWluQGZyaXBvc3Qub3JnMAwGA1UdEwEB/wQCMAAw
+DgYDVR0PAQH/BAQDAgKkMB0GA1UdDgQWBBS4plbjknpBjMnP8y1rd+6V3Ukr+TAN
+BgkqhkiG9w0BAQ0FAAOCAgEAuNkWmCowz/8+NUL3gDBGIHrRXqlk+5YnD74j/ZrB
+45DBc7vTPj30+C9kBggfmJp9KY/WzpVge4OrvCj7t5HgVCpjA/o63s3zKpQMXqOK
+dSKPEGKqd1pI0rBfTcrdkSd151C3ThCZLfzdq5rQYaNLg4YcAOFjUox97vl5+Odk
+Mgo6VYyF8hKVtIB7IubL2Vcywg3kk3NDS85CCsN5lOWrnAOAvSP/CjIFLqDkuM2A
+L6n+tkcpDl213Xtnf8yzyl3Y0rmc0PtWcBLXOL7+euc5ja3gWVepvNfsnStUt6ik
+0TViwffHOc8N63n7yuADB9tH2+Bx0O32B+fMUzr4j3keOqDkvvxElng9LA2i0pzG
+Luw/jYarnFFwrvhKiwjS0JlmiJnKoclm/OiCl3eCtlQ9hEQfxHzx/n7Kj26W+4Ea
+TPyMbG2YkWuJ+iN+qFse4r6A/vp60BHY+pyyTcZmqiB1xPKqiAEnrYPfxpSnuYzV
+Qi+muD9xyr1IDanlOl4DqHMmhWW4WqUyJhrO9cOtokwvAhZq2r189e/wVlRs+Ysb
+lmpc6sxvx78mJVTJdkaMAac8BBUZ/cWZNIGcmc6XNpRlSIc4Lib9BAC3IVu9FpFA
+GnXpGOAUQ24SUtpt4O45pjbBTHR5ekeOL4sLge6g/lSqXrRBG7mSixGZGw3nbn1O
+gng=
+-----END CERTIFICATE-----