# Constellation Pod IP range to expose via VPN. The default is for GCP.
podCIDR: "10.10.0.0/16"

# Constellation Service IPs to expose via VPN. The default is for GCP.
serviceCIDR: "10.96.0.0/12"

# on-prem IP ranges to expose to Constellation. Must contain at least one CIDR.
peerCIDRs: []

# MTU to set on the VPN route. Leave empty if path MTU discovery is supported end-to-end.
# See also https://docs.strongswan.org/docs/5.9/howtos/forwarding.html#_mtumss_issues.
mtu: 1300

# IPSec configuration
ipsec:
  # pre-shared key used for authentication
  psk: ""
  # Address of the peer's gateway router.
  peer: ""

image: "ghcr.io/edgelesssys/constellation/vpn@sha256:88b6a0265052cb0a68d20d9b20e0d42ef15e7a80e5f71201ecf32e004de2356e"