diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5602298 --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +*.pyc +*.log +*.req +*.state +*.sublime* +tmp +*.original +*.directory diff --git a/M2LPlugin/Readme.md b/M2LPlugin/Readme.md new file mode 100644 index 0000000..0d7efd8 --- /dev/null +++ b/M2LPlugin/Readme.md @@ -0,0 +1 @@ +PSA M2LPlugin placeholder diff --git a/MSPL/Readme.md b/MSPL/Readme.md new file mode 100644 index 0000000..045e396 --- /dev/null +++ b/MSPL/Readme.md @@ -0,0 +1 @@ +PSA MSPL placeholder diff --git a/NED_files/TVDM/PSAManifest/strongswan b/NED_files/TVDM/PSAManifest/strongswan new file mode 100644 index 0000000..6ace8ea --- /dev/null +++ b/NED_files/TVDM/PSAManifest/strongswan @@ -0,0 +1,22 @@ +{ + "PSA_id":"strongswan", + "disk": "corporate-vpnPSA.qcow2", + "interface": [ + { + "network":"data", + "type":"data_in" + }, + { + "network":"data", + "type":"data_out" + }, + { + "network":"control", + "type":"manage" + } + ], + "memory": "1024", + "IP": true, + "os-architecture": "x86_64", + "vcpu": "1" +} diff --git a/NED_files/TVDM/psaConfigs/strongswan/strongswan_user8 b/NED_files/TVDM/psaConfigs/strongswan/strongswan_user8 new file mode 100644 index 0000000..baef919 --- /dev/null +++ b/NED_files/TVDM/psaConfigs/strongswan/strongswan_user8 @@ -0,0 +1,20 @@ +{ + "default": { + "keyexchange": "ikev2", + "rekeymargin": "3m", + "keyingtries": "3", + "ikelifetime": "60m" + }, + "psa": { + "rightsubnet": "0.0.0.0/0", + "leftfirewall": "yes", + "leftsourceip": "%config", + "auto": "add", + "left": "%any", + "leftsubnet": "10.2.2.0/16", + "leftcert": "ClientCert.pem", + "rightid": "@vpn.secured.eu", + "leftid": "psa@secured.eu", + "right": "147.83.42.191" + } +} \ No newline at end of file diff --git a/NED_files/TVDM/userGraph/user8 b/NED_files/TVDM/userGraph/user8 new file mode 100644 index 0000000..f9f66c8 --- /dev/null +++ b/NED_files/TVDM/userGraph/user8 
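Review bot: `"leftsubnet": "10.2.2.0/16"` in strongswan_user8 has host bits set for a /16 prefix, so the intended range is ambiguous (10.2.0.0/16 or 10.2.2.0/24); strongSwan will presumably mask it to 10.2.0.0/16, which is also the range named in the commented-out tail of defaultIpsecConf. The same value is written into PSA/psaConfigs/ipsec.conf in this commit, while PSA/psaConfigs/psaconf uses `"leftsubnet": "10.2.3.0/24"`. Pick one prefix and state it without host bits, e.g. `"leftsubnet": "10.2.0.0/16"` or `"leftsubnet": "10.2.2.0/24"`, so the generated `conn psa` matches what the VPN gateway expects.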
@@ -0,0 +1,26 @@ +{ + "name": "user_profile_type", + "user_token": "", + "profile_type": "AD", + + "PSASet": [ + + { + "id": "strongswan", + "security_controls": [ + + { + "imgName": "strongswan.img", + "conf_id":"strongswan_user8" + } + + ] + + } + + ], + + "ingress_flow": ["strongswan"], + "egress_flow": ["strongswan"] + +} diff --git a/PSA/Config.py b/PSA/Config.py new file mode 100644 index 0000000..a3ccc69 --- /dev/null +++ b/PSA/Config.py 
@@ -0,0 +1,91 @@ +import ConfigParser +import os +import copy + + +class Configuration(object): + + _instance = None + #(fmignini) Not too meaningful use this var, I should change his name with something else like inizialized = False + _AUTH_SERVER = None + + def __new__(cls, *args, **kwargs): + + if not cls._instance: + cls._instance = super(Configuration, cls).__new__( + cls, *args, **kwargs) + return cls._instance + + def __init__(self): + #print 'Configuration - PATH : '+os.getcwd() + path = copy.copy(os.getcwd()) + path_dirs = path.split("/") + for path_dir in path_dirs: + if path_dir == 'tests': + self.test = True + else: + self.test = False + #print self.test + if self._AUTH_SERVER is None: + self.inizialize() + + def inizialize(self): + config = ConfigParser.RawConfigParser() + config.read('psaEE.conf') + self._LOG_FILE = 'PSA.log' + self._VERBOSE = 'true' + self._DEBUG = 'true' + self._PSC_ADDRESS = config.get('configuration', 'psc_address') + self._PSA_CONFIG_PATH = config.get('configuration', 'psa_config_path') + self._PSA_ID = config.get('configuration', 'psa_id') + self._PSA_SCRIPTS_PATH = config.get('configuration', 'scripts_path') + self._PSA_API_VERSION = config.get('configuration', 'psa_api_version') + self._PSA_VERSION = config.get('configuration', 'psa_version') + self._PSA_NAME = config.get('configuration', 'psa_name') + self._PSA_LOG_LOCATION = config.get('configuration', 'psa_log_location') + + #self._CONF_ID = config.get('configuration', 'conf_id') + + @property + def LOG_FILE(self): + return self._LOG_FILE + + @property + def VERBOSE(self): + return self._VERBOSE + + @property + def PSC_ADDRESS(self): + return self._PSC_ADDRESS + + @property + def PSA_CONFIG_PATH(self): + return self._PSA_CONFIG_PATH + + @property + def PSA_SCRIPTS_PATH(self): + return self._PSA_SCRIPTS_PATH + + @property + def PSA_ID(self): + return self._PSA_ID + + @property + def PSA_NAME(self): + return self._PSA_NAME + + @property + def PSA_API_VERSION(self): + return 
self._PSA_API_VERSION + + @property + def PSA_VERSION(self): + return self._PSA_VERSION + + @property + def PSA_LOG_LOCATION(self): + return self._PSA_LOG_LOCATION + + # @property + # def CONF_ID(self): + # return self._CONF_ID diff --git a/PSA/Readme.md b/PSA/Readme.md new file mode 100644 index 0000000..a9a4666 --- /dev/null +++ b/PSA/Readme.md @@ -0,0 +1,4 @@ +# Software for PSA Execution Environment (*ctrlmgmtd* agent) + +These files or functionality need to be a part of the PSA Execution Environment template. + diff --git a/PSA/boot_script_psa b/PSA/boot_script_psa new file mode 100644 index 0000000..14fb82f --- /dev/null +++ b/PSA/boot_script_psa @@ -0,0 +1,11 @@ +#!/bin/bash + +# Place this in /etc/network/if-up.d/ + +[ "$IFACE" = 'eth2' ] || exit 0 + +ifconfig eth2 mtu 1496 +dhclient -1 eth2 +cd /home/psa/pythonScript +ip=$(ifconfig eth2 | grep "inet addr" | awk '{print $2}' | cut -d: -f2) +gunicorn -b $ip:8080 --log-file /home/psa/GUNICORN.log --log-level debug psaEE:app & diff --git a/PSA/defaultIpsecConf b/PSA/defaultIpsecConf new file mode 100644 index 0000000..31627a1 --- /dev/null +++ b/PSA/defaultIpsecConf @@ -0,0 +1,13 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file +config setup + +conn my_lan + left=%any + leftsubnet=192.168.2.0/24 #,10.2.0.0/16 + rightsubnet=192.168.2.0/24 #,10.2.0.0/16 + authby=never + type=passthrough + auto=route + + + diff --git a/PSA/dumpLogFile.py b/PSA/dumpLogFile.py new file mode 100644 index 0000000..72ab5ff --- /dev/null +++ b/PSA/dumpLogFile.py 
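Review bot: The `for path_dir in path_dirs` loop in `Configuration.__init__` overwrites `self.test` on every iteration, so it only reflects whether the last path component is `tests` rather than whether any component is; `self.test = 'tests' in path_dirs` expresses the intent in one line. `config.read('psaEE.conf')` resolves against the current working directory and silently ignores a missing file, so a misplaced config surfaces later as a `NoSectionError` from the first `config.get`; check the list returned by `read()` and fail with a clear message when it is empty. `copy.copy(os.getcwd())` is redundant, since `os.getcwd()` already returns a fresh string. The `_DEBUG` and `_VERBOSE` values are hard-coded as the string `'true'` and `_DEBUG` has no property, so nothing in this module can actually be toggled for production.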
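Review bot: `ip=$(ifconfig eth2 | grep "inet addr" | ...)` in boot_script_psa is used unchecked in `gunicorn -b $ip:8080`; if the lookup yields an empty string (for example when dhclient has not assigned an address yet), the bind argument degrades to `:8080`, which gunicorn would bind on all interfaces, exposing the management API on the data-plane side as well. Guard it with `[ -n "$ip" ] || exit 1` before the gunicorn line and quote the expansion as `-b "$ip:8080"`. The `ifconfig`/`inet addr` parsing also depends on the legacy net-tools output format; `ip -4 -o addr show dev eth2` is the stable alternative if the image has iproute2, which the `interfaces` file in this commit already relies on.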
@@ -0,0 +1,25 @@ +''' + File: dumpLogFile.py + Description: + REST resource to dump content of the log file from the PSC + For development purpose only! Disable this in production (TBD) + +''' +import falcon +import json + + +class dumpLogFile(): + def __init__(self): + pass + + def on_get(self, req, resp): + try: + in_file = open("PSA.log","r") + log = in_file.read() + in_file.close() + resp.status = falcon.HTTP_200 + resp.body = log + except Exception as e: + logging.exception(sys.exc_info()[0]) + resp.status = falcon.HTTP_501 diff --git a/PSA/execInterface.py b/PSA/execInterface.py new file mode 100644 index 0000000..57516a6 --- /dev/null +++ b/PSA/execInterface.py 
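Review bot: The `except` branch in `dumpLogFile.on_get` calls `logging.exception(...)` and `sys.exc_info()`, but the module imports only `falcon` and `json`, so any failure to read `PSA.log` raises a `NameError` inside the handler instead of returning the intended error status; add `import logging` and `import sys` (and drop the unused `json`). The file is opened without a `with` block and relative to the working directory; `with open("PSA.log", "r") as in_file: log = in_file.read()` closes it on the error path too. The header says this resource is for development only, yet psaEE.py in this commit registers it unconditionally; gating that `add_route` on a debug flag would keep the full log off the production API. `falcon.HTTP_501` (Not Implemented) is also the wrong status for an unexpected exception; `falcon.HTTP_500` is.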
@@ -0,0 +1,149 @@ +# +# File: execInterface.py +# Created: 27/08/2014 +# Author: BSC, VTT +# +# Description: +# Web service running on the PSA receiving the configuration for the PSA from the PSC +# +# + +import falcon +import logging +import json +import sys +import subprocess +import os +import stat + +class execInterface(): + def __init__(self, configsPath, scriptsPath, psaLogLocation, psaID): + self.confsPath = configsPath + self.scripts_path = scriptsPath + self.log_location = psaLogLocation + self.psaID = psaID + + def on_post(self, request, response, command): + print "onPost" + try: + res = {} + res["command"] = command + if command == "init": + # receiev the configuration, or init package + script_file = self.confsPath + "/psaconf" + fp=open(script_file, 'wb') + while True: + chunk = request.stream.read(4096) + fp.write(chunk) + if not chunk: + break + fp.close() + + # Make script executable for current user + # hazardous.. we're root + #st = os.stat(script_file) + #os.chmod(script_file, st.st_mode | stat.S_IEXEC) + + # Run the init.sh and return it's return value + res["ret_code"] = str(self.callInitScript()) + logging.info("PSA "+self.psaID+" configuration registered") + elif command == "start": + res["ret_code"] = str(self.callStartScript()) + elif command == "stop": + res["ret_code"] = str(self.callStopScript()) + else: + logging.info("POST: unknown command: " + command) + response.status = falcon.HTTP_404 + return + + response.body = json.dumps(res) + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "application/json") + except Exception as e: + logging.exception(sys.exc_info()[0]) + response.status = falcon.HTTP_501 + + def on_get(self, request, response, command): + try: + res = {} + res["command"] = command + if command == "status": + res["ret_code"] = self.callStatusScript().replace("\n", "") + elif command == "configuration": + res["ret_code"] = self.callGetConfigurationScript() + elif command == "internet": + 
res["ret_code"] = self.callGetInternetScript() + elif command == "log": + # Return PSA log or 501 + log = self.callGetLogScript() + if log != None: + response.body = log + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "text/plain; charset=UTF-8") + else: + #res["ret_code"] = "not_available" + #response.body = json.dumps(res) + #response.set_header("Accept", "application/json") + response.status = falcon.HTTP_501 + return + else: + logging.info("GET: unknown command: " + command) + response.status = falcon.HTTP_404 + return + + response.body = json.dumps(res) + response.status = falcon.HTTP_200 + response.set_header("Content-Type", "application/json") + except Exception as e: + logging.exception(sys.exc_info()[0]) + response.status = falcon.HTTP_501 + + def callInitScript(self): + logging.info("callInitScript()") + ret = subprocess.call(['.' + self.scripts_path + 'init.sh']) + return ret + + def callStartScript(self): + logging.info("callStartScript()") + ret = subprocess.call(['.' + self.scripts_path + 'start.sh']) + return ret + + def callStopScript(self): + logging.info("callStopScript()") + ret = subprocess.call(['.' + self.scripts_path + 'stop.sh']) + return ret + + def callStatusScript(self): + proc = subprocess.Popen(['.' + self.scripts_path + 'status.sh'], stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() + return out + + def callGetConfigurationScript(self): + logging.info("callGetConfigurationScript()") + proc = subprocess.Popen(['.' + self.scripts_path + 'current_config.sh'], stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() + return out + + def callGetInternetScript(self): + logging.info("callGetInternetScript()") + proc = subprocess.Popen(['.' 
+ self.scripts_path + 'ping.sh'], stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() + return out + + def callGetLogScript(self): + logging.info("callGetLogScript()") + ret = None + try: + with open(self.log_location, "r") as f: + ret = f.read() + except Exception as e: + logging.exception(sys.exc_info()[0]) + + return ret + + def get_client_address(self,environ): + try: + return environ['HTTP_X_FORWARDED_FOR'].split(',')[-1].strip() + except KeyError: + return environ['REMOTE_ADDR'] + diff --git a/PSA/getConfiguration.py b/PSA/getConfiguration.py new file mode 100644 index 0000000..7183ee1 --- /dev/null +++ b/PSA/getConfiguration.py 
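Review bot: The `init` branch of `execInterface.on_post` streams an unbounded request body into `self.confsPath + "/psaconf"` and then executes init.sh on it, with no size cap and no caller check visible in this file; the handle from `fp=open(script_file, 'wb')` is also never closed if `request.stream.read` raises. Use `with open(script_file, 'wb') as fp:` around the loop and stop once a configured maximum has been written. `get_client_address` takes the last `X-Forwarded-For` entry, which any client can set, so it must not drive access decisions unless a trusted proxy in front of gunicorn is guaranteed to rewrite that header. The three `Popen(..., shell=True)` calls pass a list, which with `shell=True` means only the first element is the command; dropping `shell=True` makes them consistent with the `subprocess.call` helpers above them. Errors are reported as `falcon.HTTP_501` (Not Implemented) in both handlers, where `falcon.HTTP_500` describes an unexpected exception, and `log != None` should be `log is not None`.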
@@ -0,0 +1,115 @@ +# +# File: getConfiguration.py +# Created: 05/09/2014 +# Author: BSC + +# Modified: 29/10/2015, 2016 +# Author: VTT, UPC +# +# Description: +# Web service running on the PSA interacting with the PSC +# +# + +import json +import requests +import logging +from psaExceptions import psaExceptions +import subprocess +import base64 + +class getConfiguration(): + + #def __init__(self, pscAddr, configsPath, confID, psaID): + def __init__(self, pscAddr, configsPath, scriptsPath, psaID, psaAPIVersion): + self.pscAddr = pscAddr + self.configsPath = configsPath + self.scripts_path = scriptsPath + #self.confID = confID + self.psaID = psaID + self.psaAPI = psaAPIVersion + + def send_start_event(self): + logging.info("PSA: send_start_event") + logging.info("PSA: "+self.psaID+" calling PSC") + resp = requests.get(self.pscAddr + "/" + self.psaAPI + "/psa_up/" + self.psaID) + logging.info("PSA: "+self.psaID+" calling PSC done") + return resp.content + + def pullPSAconf(self): + + header = {'Content-Type':'application/octet-stream'} + + #resp = requests.get(self.pscAddr+"/getConf/"+self.psaID+"/"+self.confID, headers=header) + resp = requests.get(self.pscAddr + "/" +self.psaAPI + "/getConf/"+self.psaID, headers=header) + if (resp.status_code == requests.codes.ok): + #fp=open(self.configsPath+"/"+self.confID,'wb') + #fp=open(self.configsPath+"/"+self.psaID,'wb') + # We don't have multiple security controls inside one PSA image at the moment. + json_config = False + try: + conf = json.loads(resp.content) + logging.info("PSA JSON conf received:") + logging.info(conf) + # Handle different config formats + if conf["conf_type"] == "base64": + decoded_conf = base64.b64decode(conf["conf"]) + elif conf["conf_type"] == "text": + decoded_conf = conf["conf"] + else: + # Use default format, presume text. 
+ decoded_conf = conf["conf"] + json_config = True + except Exception as e: + logging.info("Could not load JSON config, reverting to old text format") + decoded_conf = resp.content + + fp=open(self.configsPath+"/psaconf", 'wb') + fp.write(decoded_conf) + fp.close() + + self.callInitScript() + if json_config: + self.enforceConfiguration(conf) + + logging.info("PSA "+self.psaID+" configuration registered") + return resp.content + else: + logging.error("Bad configuration request for PSA "+self.psaID) + raise psaExceptions.confRetrievalFailed() + + + # header = {'Accept':'application/octet-stream', 'Content-Type':'application/octet-stream'} + # resp = requests.get(self.pscAddr+"/getConfiguration/"+self.confURI, data={}, headers=header) + # if (resp.status_code != 200): + # msg = "PSC is not able to provide the conf for: [PSAid] " + self.psaID + ", [confURI] " + self.confURI + # raise psaExceptions.confRetrievalFailed(msg) + + # TODO check script validity + #return resp.text + + def callInitScript(self): + logging.info("callInitScript()") + ret = subprocess.call(['.' + self.scripts_path + 'init.sh']) + return ret + + def enforceConfiguration(self, jsonConf): + req_keys = ("IP", "dns", "netmask", "gateway") + has_req = False + if all (key in jsonConf for key in req_keys): + has_req = True + + if has_req: + logging.info("PSA requires IP, configuring...") + ip = jsonConf["IP"] + dns = jsonConf["dns"] + netmask = jsonConf["netmask"] + gateway = jsonConf["gateway"] + logging.info("ip: " + str(ip)) + logging.info("gateway: " + str(gateway)) + logging.info("dns: " + str(dns)) + logging.info("netmask: " + str(netmask)) + ret = subprocess.call(['.' + self.scripts_path + 'ip_conf.sh', ip, gateway, dns, netmask]) + logging.info("Result of setting config: " + str(ret)) + else: + logging.info("PSA doesn't require IP, skipping configuration.") diff --git a/PSA/interfaces b/PSA/interfaces new file mode 100644 index 0000000..ccf3246 --- /dev/null +++ b/PSA/interfaces 
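Review bot: `enforceConfiguration` hands `IP`, `dns`, `netmask` and `gateway` from the PSC's JSON straight to `ip_conf.sh`, which in this commit expands them unquoted into `ifconfig`/`route` and writes the dns value into /etc/resolv.conf; the list form of `subprocess.call` avoids a shell here, but nothing checks that the four values are addresses. Validate each with `socket.inet_aton(value)` (after `import socket`; it raises `socket.error` on malformed input) before the call, and log and skip the enforcement on failure. The broad `except Exception` in `pullPSAconf` also turns any `KeyError`/`ValueError` from a malformed JSON body into a silent fall-back that writes the raw response to psaconf and runs init.sh on it; `except (ValueError, KeyError) as e:` with `logging.exception(e)` keeps the fall-back for genuine legacy text while surfacing broken JSON. Wrap `fp=open(self.configsPath+"/psaconf", 'wb')` in a `with` block so the handle is released if the write fails. Note that psaEE.conf in this commit points `psc_address` at a plain `http://` URL, so the configuration this code executes arrives without transport integrity.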
@@ -0,0 +1,32 @@ +# PSA interface file +# Place this in /etc/network in your PSA image template + +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo br0 eth2 +iface lo inet loopback + +# The primary network interface + +iface eth0 inet manual +iface eth1 inet manual +#iface eth2 inet dhcp +iface eth2 inet manual + +iface br0 inet manual + pre-up ip link set eth0 down + pre-up ip link set eth1 down + pre-up brctl addbr br0 + pre-up brctl addif br0 eth0 eth1 + pre-up ip addr flush dev eth0 + pre-up ip addr flush dev eth1 + pre-up ip link set eth0 up + pre-up ip link set eth1 up + pre-up ip link set br0 up + post-down ip link set eth0 down + post-down ip link set eth1 down + post down ip link set br0 down + post-down brctl delif br0 eth0 eth1 + post-down brctl delbr br0 diff --git a/PSA/json/psaStartup.json b/PSA/json/psaStartup.json new file mode 100644 index 0000000..846d571 --- /dev/null +++ b/PSA/json/psaStartup.json @@ -0,0 +1,9 @@ +{ + + "name": "psa_startup_file", + "user_token": "token1", + "psaID": "12345", + "pscAddr": "http://127.0.0.1:4321", + "confURI": "12345" + +} diff --git a/PSA/parseConfig.py b/PSA/parseConfig.py new file mode 100644 index 0000000..9a5a612 --- /dev/null +++ b/PSA/parseConfig.py 
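Review bot: `post down ip link set br0 down` in the `iface br0` stanza is missing the hyphen, so ifupdown will either reject the line or ignore it as an unknown option and br0 is never brought down on `ifdown`; every other hook in the stanza uses `post-down`. Change it to `post-down ip link set br0 down`. The file also lists br0 in `auto lo br0 eth2` while eth0/eth1 are `manual`, which works only because the `pre-up` hooks configure them; a one-line comment saying so would save the next reader from "fixing" it.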
@@ -0,0 +1,47 @@ +import json +import sys + +def parseJSON(jsonPath, defaultConfigPath, ipsecConfigPath): + try: + f = open(jsonPath, 'r') + strjson=f.read().replace('\n', '') + jsObj = json.loads(str(strjson)) + + try: + dc = open(defaultConfigPath) + lines = dc.readlines() + r = open(ipsecConfigPath, 'w') + r.writelines(lines) + + default = jsObj["default"] + if(default): + r.write("conn %default\n") + for p in default: + r.write("\t" + p + "=" + default[p] + "\n") + r.write("\n") + psa = jsObj["psa"] + if(psa): + r.write("conn psa\n") + for p in psa: + + if psa[p] != "": + r.write("\t" + p + "=" + psa[p] + "\n") + elif p == "left": + r.write("\t" + p + "=%any" + "\n") + elif p == "leftsourceip": + r.write("\t" + p + "=%config" + "\n") + + r.write("\n") + #r.close() + except Exception,e: + print str(e) + print "Can't open ipsec config file" + except Exception,e: + print str(e) + print "Can't open json config file" + +args = sys.argv +if len(args) == 4: + parseJSON(args[1],args[2],args[3]) +else: + print "Usage: parseConfig.py [jsonPath] [defaultConfigPath] [ipsecConfigPath]" diff --git a/PSA/psaConfigs/README.md b/PSA/psaConfigs/README.md new file mode 100644 index 0000000..e9ea7bb --- /dev/null +++ b/PSA/psaConfigs/README.md @@ -0,0 +1 @@ +Runtime PSA security control configs are stored in this folder. diff --git a/PSA/psaConfigs/ipsec.conf b/PSA/psaConfigs/ipsec.conf new file mode 100644 index 0000000..0098b53 --- /dev/null +++ b/PSA/psaConfigs/ipsec.conf 
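Review bot: `parseJSON` writes every key/value pair from the JSON `default` and `psa` objects verbatim as `\tkey=value` lines into the ipsec.conf it generates, so a value containing a newline or whitespace becomes further directives in the strongSwan configuration; since this JSON arrives from the PSC over the network (see getConfiguration.py), restrict keys and values to a single token before writing, e.g. reject any `p` or `psa[p]` for which `re.search(r'\s', ...)` matches (with `import re`). The three `open()` calls are never closed, and the `except Exception` around the whole body prints `Can't open ipsec config file` for unrelated failures such as a missing `default` key while still exiting 0, so init.sh cannot tell that no configuration was produced; use `with` blocks and `sys.exit(1)` in the handlers. `str(e)`/`print` with Python 2 syntax also ties the script to a Python 2 interpreter, which the `python` invocation in init.sh should state explicitly (`python2`) or the image should guarantee.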
@@ -0,0 +1,29 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=3 + keyexchange=ikev2 + +conn my_lan + left=%any + leftsubnet=192.168.2.0/24 #,10.2.0.0/16 + rightsubnet=192.168.2.0/24 #,10.2.0.0/16 + authby=never + type=passthrough + auto=route + +conn psa + left=%any + leftsourceip=%config + leftcert=ClientCert.pem + leftsubnet=10.2.2.0/16 + leftid=psa@secured.eu + leftfirewall=yes + right=147.83.42.191 + rightsubnet=0.0.0.0/0 + rightid=@vpn.secured.eu + auto=add diff --git a/PSA/psaConfigs/ipsec.d/cacerts/strongswanCert.pem b/PSA/psaConfigs/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 0000000..00a71e8 --- /dev/null +++ b/PSA/psaConfigs/ipsec.d/cacerts/strongswanCert.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNjCCAx6gAwIBAgIIEkPUG0+7tv8wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNjE5NTVaFw0yNjAyMjYxNjE5NTVaMDkxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRgwFgYDVQQDEw9TZWN1cmVkIFJvb3QgQ0EwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ18n1g4CaO4UmNQBCvVA0hZjs +yY2I1PLhgnQS4tUu6zTb8CqL2qNr/lPh/PuDMhCDnyAdSvO+RrBRBbIKrDet1Ee6 +74lQnrhcN0b+8wQu3xBTwhMpg8iAPduJdDhdzDGrc0sKeUvJ2RnjQmyqNGTvCezl +7F/xb1UKKg1uZGTorqdxYg09v/6rg51/vd1xnjAaMI5aC4zSbmhDMgNowrNdVtW/ +qC7XQ+mgRNqDdf/ac63vnpNbKt8GhPjEVo/pJUSgNThpyBob5DTbSgFDPXxUjUyQ +QMwB4NW4CcxqhzoYdrhZXL/BAi7i/bLliX5ivOzKQHEbmfnwHwIyO39/OoEHFNnE +QC3YjDynFfdyx9LthxeaMFYXFmU/iWtL7qMfZb6IeiV1vkXchC8O/4aYzSqBskHX +XDwojlxMWYKfb9cJSfiOSbaaLvr1Gof2rjQSDEiJhdvynTE/Qf1wCmQDnLBfwZOv +d8mMdpi9g0Bqg3JF9/GuvebRJK8CKLcQM6wvn3W8YrxoFDDkH9ni+eLTRjZcazX1 +UuDL6lnWn2ZzO/ND54VSBwE/hPMcV63iSYWcNJP/Q69T2pXBrTigSBhlwaXuzRIF +/7YmrOwqag7d9lA3mej+jsaygA3L/f1CpI9HWjgZD16S2D83qWjcR66UqNDz8mFf +DPdLOQROZi5u+OLTHQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQUMPENpHawLXFavG47snr+cfvNR5QwDQYJKoZIhvcN +AQEFBQADggIBAFfyR9Q8h4poKaPu4Yh0uKVPDQSnX+xE/xw/acWu6NTck85TYP7G +s3U7+7IcEOaA/JJc5XhKEINQKj5qi28wzQzUg+bBoGAkd2PlfJZrLAULdNKBBjwH +7biMUIZFuPKhIJkgVK45o9gukQZW6azZ6uB0QYRD1usFrmqnERtNSYYv7QR1OuTp +MjHNdyyPok3vrcaYORg5bFmbPeyy/LPvyzHnv9eKR/ykj9Y7nCjBRq2sEa30bwzU +LFsEYmhrZs2Ja2YA9NjUWE6DOZdLrOjQDLHObGxVnLgzRrnwVqq33RJxCHGhcV7A +DjhVSH1qRs0OD/LhRpJIO/n7z/xPAH/T2/UhVpiuPQoHIfVWEgfUaZjl9jOBMhXm +iXJAA4RQLSH35cj8OntuEegE4ZdW1zTqmGmh3VjWf7hKv8FhpdQTCctVlTCDzOs7 +fWEVmupmgc2xBp6sW6e3ioo4CtPDoT+S23ve56gb7QV6UfMuZPeyFkFNgVCDwRBM +aVXd3WLey3c3D+j4cI+kbtwY8340grA8KALrh2VNbRDFh45vn2c3TAzcfIP2g+Bu +byNuWZ24IqIyhx1ottLo9KvtPM7S4vcNAuVtiVon3WLeRQlR3UZ316yenJy49NUJ +Q6PsMWHks5fqE9nVWU/AdflWYOJnX3ooi8EK3UD7sQC/21UyF/UFZdGd +-----END CERTIFICATE----- 
diff --git a/PSA/psaConfigs/ipsec.d/certs/ClientCert.pem b/PSA/psaConfigs/ipsec.d/certs/ClientCert.pem new file mode 100644 index 0000000..9a878a7 --- /dev/null +++ b/PSA/psaConfigs/ipsec.d/certs/ClientCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEMTCCAhmgAwIBAgIIPumjqfUrjEIwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNjIyMjlaFw0xODAyMjgxNjIyMjlaMDgxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDFA5wc2FAc2VjdXJlZC5ldTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALUgqBMyLno3i4cBqByZJCpcZVsr +dvn9fSu2KsImPcl8Nh7m6fymspzyyV+G6ZwDCKL+HA7rzpC+SBf6I0/cj03FhCmo +eSxBCLn7ZICvb5OLCmXuOdrP5j7TMyH5fEGMOWoAQKL4OZlvDqWQO4FhSiGvY24m +e+cb81tkTRb34FxhzqA6fB/vVpusM7WygGhAI7AkA4UdmFG2cOa0UN+0d9XXUr7z +l8DZYxqvVd0UPCxN7Z4vs5+19ge9UMs9TEz1jmTLBtNfVdOKqflQf8PObWBkG2EC +ddWLQ57IrJeNaD4+t1VsXk+H45n/Zl0BIOgiWF9lW3qtEfZkqaMIvr7prt8CAwEA +AaM+MDwwHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw +EIEOcHNhQHNlY3VyZWQuZXUwDQYJKoZIhvcNAQEFBQADggIBALXhl4J3IvoMLuWT +X8ofgyg0M0D+Je0y/P1yjajQ6jTmszlH9E2j7vPCus598CCxDHn0URR60kaB6W0F +i4pSqsBo2ctW+8rZpyAhL/Uo3VwZCkSKSFTC5YeJR9zopPxZemQGqxbnD7pKWfTX +r+CMiA1IkoDUoLOh25MaHTn9OWeSouQJH41S1zuq+W7rpZPrABRrMNUqID32eQhK +rPtyTS96TIJTbng02PTk+0FLQLyVrDh4mVR8ZALzyBnAmZGsaIGGKw2ff7P+DgZZ +UlyXM+1F4HRCsGINoDTMkDUZkLUP2gZQfV/bysK3zvZy1UrFjQRbk/76SIwyE4+K +zdf32UcUpwoCy6FAAHSlUbiDVFX9VA70R1ibGnXSiy45CsYOvNGp6rX+zkE1hfva +6gFLiyCXt1ns8/GIw51RzGeCOYqzX0Xo4m6H2frfMBOGnJ3Mq6yaT5q/JUf95f31 +qXSgkmdV0NxYQugrFWAA3+mAtmCUj7qh5zejDDtbV6RGApEAr9w+MARbXd69UDRD +GHTpZLcfTti/czqUOfcUFcYxO6+2qxQXdloTOv0mIppoQ8Waawk7lNpT7cWqxUnU +isZCAEq6CvZ6VPiYoRPeYwrPfOl+/B5Mx6N0Grt5HNFSwzyBnXy8gq0hO873Hy4z +eG898qPQSAlOHnHeiGzPn104HHSh +-----END CERTIFICATE----- diff --git a/PSA/psaConfigs/ipsec.d/certs/vpnHostCert.pem b/PSA/psaConfigs/ipsec.d/certs/vpnHostCert.pem new file mode 100644 index 0000000..ebe9d7b --- /dev/null +++ b/PSA/psaConfigs/ipsec.d/certs/vpnHostCert.pem 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUDCCAjigAwIBAgIILdCBejeojQcwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNzIwNTVaFw0xODAyMjgxNzIwNTVaMDgxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDEw52cG4uc2VjdXJlZC5ldTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzmpbOKgqqq7ahSVDybx7PGNEdL +ltVQXTFZbMKqr3tEmOqdU+42PRbO02PtVxx+a+hIqIFcBMMK9meuMtFM+es2GdKN +k5UC/sPDTBxDAD3o3s2MQh5gLrHaEIgSYJSoy0jsuY2mfwLDQNsskvV/hcTROi6s +outxEYT/oUWrsXSt+hOO/J+Eh21ItHlPyNQXVBYalxWN+esTVNL/7PfFwSWQT6AG +bTJJ6W+mpX5pdEnl9dbJrduTpMRCRxN7t1UGf7WyZbY+1ZgLfjrcxdtEcJpH1Fsw +r6W+aCYKO/6e86f7orYsRAkf5+hZvtxt33hB8YCq3rN0cLuWeOlrM9Cn/YECAwEA +AaNdMFswHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw +EIIOdnBuLnNlY3VyZWQuZXUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFCAIC +MA0GCSqGSIb3DQEBBQUAA4ICAQAI4vR/sjwFVocDqjf64DvXVsVmo+5iinc9dU96 +l/YCheC8ZXGyMbeuzTZ2b3xkYFQXGFJ1qcFse0VBGec4aj1d79vw7mIixcbsVSRZ +jHqSY6LaqGWnmguDUmYViG+qoKJAh6N3802kDJw9/ovv22B2WssktLMbYvx0no7c +wt8dmlK2OCyEAUN6SzlItwYSdPtI5MjpTvDAKYGHP5NfEsPh1zrOr3Ll+wEzLfzg +MvZRiBJIjsCe9YBOalndi9HTm6dTvTtPVT6ZJX9tPdXfeyQ2sqXqU6UF819LDnnp +/b5+dADiAGbj3+Kj0c3rjc/dS15WHp1qJoTPUpxngcJDqELAFaNB1H2tCg9a9BwM +9ke8YX8wV+DBMzlLGfPT2ijfJrlcuc/AszgnH7Y0npKAFFVMLOR8wfh5gaBduB9I +rYEPrN3mn+El/AFYOKohKNXY9BJ+W3ZruNFZMYmxbCdmzPhFt4AYgumFkBNFI3XV +tsTxARLhmwfeuwaqbq5bBfkFAfRO0RGlsfz1HeYPeyIlGoBu+VzeDEKPXqpJQ02b +s8hwgNhawqjwN6lba1T5XJnKxgXcY1Duf9ohQZ94wLcP8fvKO9OqOuyww5lF88LP +4DytW81hUAmoJug0nwmdUmLB5Pv1J8AgXW7OtpBauQaeeByckWSvh685DFSYa48l +IyFUKQ== +-----END CERTIFICATE----- diff --git a/PSA/psaConfigs/ipsec.d/private/ClientKey.pem b/PSA/psaConfigs/ipsec.d/private/ClientKey.pem new file mode 100644 index 0000000..a2ad836 --- /dev/null +++ b/PSA/psaConfigs/ipsec.d/private/ClientKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtSCoEzIuejeLhwGoHJkkKlxlWyt2+f19K7YqwiY9yXw2Hubp +/KaynPLJX4bpnAMIov4cDuvOkL5IF/ojT9yPTcWEKah5LEEIuftkgK9vk4sKZe45 +2s/mPtMzIfl8QYw5agBAovg5mW8OpZA7gWFKIa9jbiZ75xvzW2RNFvfgXGHOoDp8 +H+9Wm6wztbKAaEAjsCQDhR2YUbZw5rRQ37R31ddSvvOXwNljGq9V3RQ8LE3tni+z +n7X2B71Qyz1MTPWOZMsG019V04qp+VB/w85tYGQbYQJ11YtDnsisl41oPj63VWxe +T4fjmf9mXQEg6CJYX2Vbeq0R9mSpowi+vumu3wIDAQABAoIBAHRaih3qupigXe1Y +Txov9l+QAzxR65gkEuilmUonLsHkHRA03lMC8vKHtHy9OgySllW+T1/2czfgRIfC +lDSVRyl6nK/2HgEjtetjZuiTymVJiGB6bIf3zbzGB67nib7ByZAioWMPelDqWspY +oSE30ltZQ9JavnV0Kxymji8XBPXSejT7hRRp3/eSGaXFxI0YOk4SDcEwnr1gA+bb +BpFIfFhvB80uMBk+iwHrY7fLoznXww7oZX4U9jGAixfYd6K7jtzR4Vj0toMkX1ww +FB2Hn1xlHNPjg2ldVom3p0MaWwJJ8DLaxWv7at4HO+kpwI9vDIgu41fBTps5d6L8 +O4dGGCECgYEA189T+qrb6fRyNEOkeZWf4GeUcgrxXwqOovAB9D7p2RHoSJ1h1cYa +VWgIohHC/J1uWiiKUgeLhBAl3pcG9wMWUKC4am4K4/yCvCjOOoZX5Zdw6+HVnHFv +PAk1fd4i9mkEzJxVtXJxu80LfKc2hH4Geq8Xs4EE3q+S58ATxb90H5UCgYEA1tvc +Dv5WT3sqOqYJZCIC/mL5NEzeai3wqA0II/pUkhAqe9DUP8gdLqDheyzVFclT6Frk +3Kdmw8Akilq34X3Of1BvuwzIDio/MzRoMb9fu/tq2PMGFR+DkspwnQ+nzIFayVjS +/cI0WOyiB6ADIJQkNX/hM92C5hJzj6geywGKh6MCgYBHFAkTyUxvDMzEe/bi+K3U +iijxOrtu0xpRff0WxdXdYbGAoR1E/F9V+9LEFleDPhLHbQzJoaSI1YyzeEiZ+JFT +8utqWl4J4vPoJwRtcCvo+Wz+s73YLeA2BM5ya0RWphYnkeIExfHBqfH7l1M0ZhGa +PKrwuzCwa2FWJQQeIEWN1QKBgCvw3OloFIi+vJ0v9b23wvr5jNOoYNhAOvZza9XH +zWHt0nJt++prZ6RwnIyPV6jT+sgLRsDlr3ubIR32faKtEv0wmxka/RMAitpS/ngm +FlMgkPJ7iSPqxQLRSgSk/gEx9zo0YzoobII/Ksf6bolMIreaRplP1QRug5m+nUWR +NB6XAoGAALSMJlqZq9UqIu22/vwIhP2PcZPjrFif+QkdU6f3cyJZ4mzPr7rQjCJP +fADhA5McGkTjh4kBTN7Bb0PTnxrUDYpAeWgkgwozZEKAp92g8UUtWkjK2KyIwQ9f +n+xD50NWlsgf/EGVPzh1RFGD/fl6Yfc6tCYK+wWctSLDbWtxgzc= +-----END RSA PRIVATE KEY----- diff --git a/PSA/psaConfigs/ipsec.d/private/vpnHostKey.pem b/PSA/psaConfigs/ipsec.d/private/vpnHostKey.pem new file mode 100644 index 0000000..e21fe7b --- /dev/null +++ b/PSA/psaConfigs/ipsec.d/private/vpnHostKey.pem 
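Review bot: PSA/psaConfigs/ipsec.d/private/ClientKey.pem is an unencrypted RSA private key committed in clear, and the next hunk adds a second one, vpnHostKey.pem; once pushed, both must be treated as compromised, so the certificates issued for them in this commit (ClientCert.pem, vpnHostCert.pem) need re-issuing against new keys, and the files should be purged from history rather than just deleted in a follow-up. Keys should be provisioned into `ipsec.d/private/` at image build or instantiation time, and the new .gitignore in this commit should exclude them, e.g. `*.pem` or `PSA/psaConfigs/ipsec.d/private/`. The VPN host's key also has no use on the client-side PSA image: `conn psa` in ipsec.conf references only `ClientCert.pem`, so vpnHostKey.pem appears not to belong here at all.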
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEArsN9VEcJOJ+kxHYUdQ/3ih9gwRg/NrfK9mgh7IAt73SizXR/ +XYTQxkfQnma1m6R4OiTcQSbseNYKRRpbHbNBp2pN2tZ3PmMGztKdpxPE+ORu+65T +eKnzUJcIbI4n0axC76YtbFzS2JiFIlyNz+o8GJcvsJ1WMo3yjjLLopzOnOqzpi50 +Dy8OPpb2orORAVWp7NA+ySYrxPSH26zbGEv4fSmGBT/Zr/CcSyTZo7i/MnMnCVnr +FglFQSqrY6Zrmf50XCCYVcc28SmJfKoh+S9kAzZIzP7dvUp9AFQQgFb48scxMSnC +42yE2EgQW5DoX1XmOa1E3nSVpa0Q8FhkxQT/SQIDAQABAoIBAGtO6/jAuX/EPtbH +Ll6G1FdCVxWZvs7pYb2VSSc/uXTr6D9Bhic1M0BcvlNU+7Q68/u3wGpc7RxxSNMP +kN0WwXx7wJxbzdJH2dlK57S8Zdjx4te1Pdm8eQOGCY0maHrNTDh8kC2WfXyzgiQM +MqN0zzvGMWk/4rqeAE6iD/mkURV13+IUfY1Wl9IxHHugCBQppu7vsEWCarBS1eQm +qXjrdyF+929OT6vJRWvambOofcuYSM3adL6d74F4wk2Zyy/RcUMtgld+aZzzJ1qo +196spOEs6iWxXDziFHk6rBZoBqfeFJIMtaeBL1pvzdGlNVVm5RNl2a6cUaGDL8SU +CHFJIhECgYEA05IUpCIR9FQASl8xRWbUql/hktRIpP/8HeA7A/ryAF+K8xsfuXjf +gcsz1fYhpk11c3K2f4l5+4GINTjcObQ/jImWPuoInV5gFqr5Bv7bZhs7OU1dyrvO +W7nR/k0688h51XFQ8EQVU0VcRzfU1dW3Yf/SLZ/aUmtepEsy5FRt4j0CgYEA03av +bab4DmPwGDkSktPbJ71kPYxm/pl459kTTun396OJ0PIKgK7QGuFz+OF0qJxG0Ew7 +CLUSp+LQHuh+hjEqatMJwE1CzrXKUXDLw4bq8cNM9WluGt+myGAehyvTGjD1Sn7n +viSRVxjyndOT0n9CzboVBqnAkI+xoGLVbV8xnf0CgYBe9z4uomBexGnQ+EOcfFjP +FPSivIjTD1gybNjwo26G/lvXXYBy9y+UCgr9alqWVER5Cq+iNao8W1sxUJGBkUfJ +JGT9Xn15bchBxIK9Qh5nCagew3xrKLuq7pC0ziO9E2qkhRWok1bjJsoR6ZyuUxza +b0L/WbZcsncr1dlFJiSgnQKBgQCq/sc+8QyXfmLRA52sU1pdWT3ss1M5v9rQCG4f +mvykKH8yEfdCNZockoDYGV/fVHfCylHWaa3LSpKm27QsSSeWuE6jTRaf1sribkan +NrtXgmkB7h5V5tKUJ32oKl0LSdmgQtycmi9Y8diGnWdkiPn5J+cGu0/21et52VHi +nl6d9QKBgQC6D13Jskxe8xiGYaTwCchJZgoyw+40Mdk6VwbfFbg76LZtFog3q3d3 +ECt14ymqueGs6sJG76cKK9XLk1oQY0z+R1XHp2E1QBlz+cezThLA5tW3IIqfYnyV +t5isXbUL14L7/r6EZ1mFf+vMs2Np8g4k1IhKf16aQuv/cMeN/ZBrxA== +-----END RSA PRIVATE KEY----- diff --git a/PSA/psaConfigs/psaconf b/PSA/psaConfigs/psaconf new file mode 100644 index 0000000..53d395d --- /dev/null +++ b/PSA/psaConfigs/psaconf 
@@ -0,0 +1,20 @@ +{ + "default": { + "keyexchange": "ikev2", + "rekeymargin": "3m", + "keyingtries": "3", + "ikelifetime": "60m" + }, + "psa": { + "rightsubnet": "0.0.0.0/0", + "leftfirewall": "yes", + "leftsourceip": "%config", + "auto": "add", + "left": "%any", + "leftsubnet": "10.2.3.0/24", + "leftcert": "ClientCert.pem", + "rightid": "@vpn.secured.eu", + "leftid": "psa@secured.eu", + "right": "147.83.42.207" + } +} diff --git a/PSA/psaEE.conf b/PSA/psaEE.conf new file mode 100644 index 0000000..9067c06 --- /dev/null +++ b/PSA/psaEE.conf @@ -0,0 +1,10 @@ +[configuration] +psc_address=http://192.168.2.1:8080 +psa_config_path=/home/psa/pythonScript/psaConfigs +scripts_path=/scripts/ +psa_id=strongswan +psa_name=CorporateVPN PSA +psa_version=0.1.0 +psa_api_version=v0.5 +psa_log_location=/home/psa/pythonScript/psaConfigs/psa.log +conf_id= diff --git a/PSA/psaEE.py b/PSA/psaEE.py new file mode 100644 index 0000000..5d933a5 --- /dev/null +++ b/PSA/psaEE.py 
@@ -0,0 +1,90 @@ +# +# File: psaEE.py +# Created: 27/08/2014 +# Author: BSC +# +# Description: +# Web service running on the PSA interacting with the PSC +# +# + +import falcon +import json +import Config +import logging +import subprocess +from execInterface import execInterface +from getConfiguration import getConfiguration +from psaExceptions import psaExceptions +from dumpLogFile import dumpLogFile + + +#old +conf = Config.Configuration() +date_format = "%m/%d/%Y %H:%M:%S" +log_format = "[%(asctime)s.%(msecs)d] [%(module)s] %(message)s" +logging.basicConfig(filename=conf.LOG_FILE,level=logging.DEBUG,format=log_format, datefmt=date_format) + +#older logging +#logging.basicConfig(filename=conf.LOG_FILE,level=logging.DEBUG,format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p') + +pscAddr = conf.PSC_ADDRESS +configsPath = conf.PSA_CONFIG_PATH +psaID = conf.PSA_ID +#confID = conf.CONF_ID + +logging.info("--------") +logging.info("PSA EE init.") +logging.info("PSA ID: " + str(psaID)) +logging.info("PSA NAME: " + str(conf.PSA_NAME)) +logging.info("PSA VERSION: " + str(conf.PSA_VERSION)) +logging.info("PSA-PSC API version: " + str(conf.PSA_API_VERSION)) +logging.info("PSA log location: " + str(conf.PSA_LOG_LOCATION)) +logging.info("--------") + +# instantiate class object to manage REST interface to the PSC +execIntf = execInterface(configsPath, conf.PSA_SCRIPTS_PATH, conf.PSA_LOG_LOCATION, psaID) +#confHand = getConfiguration(pscAddr, configsPath, confID, psaID) +confHand = getConfiguration(pscAddr, configsPath, conf.PSA_SCRIPTS_PATH, psaID, str(conf.PSA_API_VERSION)) + +# start the HTTP falcon proxy and adds reachable resources as routes +app = falcon.API() +#app.add_route('/execInterface', excIntf) +app.add_route("/" + str(conf.PSA_API_VERSION) + '/execInterface/{command}', execIntf) + +dumpLog = dumpLogFile() +#FOR DEBUGGING ONLY, REMOVE IN PRODUCTION +app.add_route("/" + str(conf.PSA_API_VERSION) + '/execInterface/dump-log-ctrl', dumpLog) + + 
+logging.info("execInterface routes added.") + +# Inform our PSC that we are up +#TODO +''' +try: + start_res = confHand.send_start_event() + # We don't need to enable anything + #proc = subprocess.Popen(confScript, stdout=subprocess.PIPE, shell=True) + #(out, err) = proc.communicate() +except psaExceptions as exc: + pass +''' +# Pull configuration and start the PSA. +try: + confScript = confHand.pullPSAconf() + execIntf.callStartScript() +except psaExceptions as exc: + pass + +logging.info("PSA start done.") + +# http request to ask for the configuration and start the script +''' +try: + confScript = confHand.pullPSAconf() + proc = subprocess.Popen(confScript, stdout=subprocess.PIPE, shell=True) + (out, err) = proc.communicate() +except psaExceptions as exc: + pass +''' diff --git a/PSA/psaExceptions.py b/PSA/psaExceptions.py new file mode 100644 index 0000000..63adb35 --- /dev/null +++ b/PSA/psaExceptions.py @@ -0,0 +1,13 @@ +# +# File: psaExceptions.py +# Created: 05/09/2014 +# Author: BSC +# +# Description: +# Custom execption class to manage error in the PSC +# + +class psaExceptions(): + + class confRetrievalFailed(Exception): + pass diff --git a/PSA/scripts/current_config.sh b/PSA/scripts/current_config.sh new file mode 100644 index 0000000..e80838e --- /dev/null +++ b/PSA/scripts/current_config.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# +# current_config.sh +# Created: 03/01/2016 +# Author: Diego Montero +# +# Description: +# This script return the current squid3 configuration. +# (psaConfigs/psaconf) +# +# This script is called by the PSA API when the PSA's current runtime configuration is requested. +# +# Return value: +# Current configuration +# + +COMMAND_OUTPUT="$(cat /etc/ipsec.conf)" +printf '%s\n' "${COMMAND_OUTPUT[@]}" +exit 1; diff --git a/PSA/scripts/init.sh b/PSA/scripts/init.sh new file mode 100644 index 0000000..2038259 --- /dev/null +++ b/PSA/scripts/init.sh 
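Review bot: `except psaExceptions as exc:` around `confHand.pullPSAconf()` does not catch what `pullPSAconf` raises: `psaExceptions.confRetrievalFailed` derives from `Exception`, not from the `psaExceptions` container class, so a failed configuration pull propagates out of module import and the gunicorn worker dies at startup instead of leaving the PSA up and unconfigured. Change it to `except psaExceptions.confRetrievalFailed as exc:` (the commented-out blocks carry the same mistake) and log the exception with `logging.exception(exc)` rather than `pass`. The `dump-log-ctrl` route is added unconditionally despite the `FOR DEBUGGING ONLY` comment; gate that `add_route` on a debug flag so the full log is not served by production instances. Nothing in this module restricts who may call `/{api}/execInterface/{command}`, so `init`, `start` and `stop` are reachable by any host that can reach the gunicorn bind address chosen in boot_script_psa.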
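Review bot: `exit 1;` at the end of current_config.sh makes the script report failure after successfully printing /etc/ipsec.conf, and init.sh (next hunk, `echo 1; exit 1;`) and ping.sh do the same, so the `ret_code` that execInterface.py returns for `init` is always `1` and a genuinely failed init is indistinguishable from success; end with `exit 0`, or propagate the real command's status, and let failures exit non-zero. The header comment describes the script as returning the squid3 configuration, which is wrong for this strongSwan-based PSA; replace it with `# This script returns the current strongSwan configuration (/etc/ipsec.conf).`. `printf '%s\n' "${COMMAND_OUTPUT[@]}"` applies array expansion to a plain string; `printf '%s\n' "$COMMAND_OUTPUT"` is the intended form. ping.sh's header is likewise mislabelled `status.sh`, and its unquoted `echo ${COMMAND_OUTPUT}` flattens the ping output onto one line.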
@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# init.sh
+# Created: 03/01/2016
+# Author: Diego Montero
+#
+# Description:
+#
+
+#
+
+sysctl net.ipv4.ip_forward=1
+sysctl net.ipv6.conf.all.forwarding=1
+
+ipsec stop
+
+echo "flushing routing cache"
+ip route flush cache
+
+## interface facing clients
+CLIENT_IFACE=eth0
+
+## interface facing Internet
+INET_IFACE=eth1
+
+ebtables -P FORWARD DROP
+ebtables -A FORWARD -p IPv4 -j ACCEPT
+ebtables -A FORWARD -p ARP -j ACCEPT
+ebtables -t broute -A BROUTING -i $CLIENT_IFACE -p ipv4 -j redirect --redirect-target DROP
+#ebtables -t broute -A BROUTING -i $INET_IFACE -p ipv4 -j redirect --redirect-target DROP
+
+# Parse json and set the ipsec configuration
+JSON_CONF_FILE=/home/psa/pythonScript/psaConfigs/psaconf
+DEFAULT_CONF_FILE=/home/psa/pythonScript/defaultIpsecConf
+IPSEC_CONF_FILE=/etc/ipsec.conf
+python /home/psa/pythonScript/parseConfig.py $JSON_CONF_FILE $DEFAULT_CONF_FILE $IPSEC_CONF_FILE
+
+echo 1;
+exit 1;
diff --git a/PSA/scripts/ip_conf.sh b/PSA/scripts/ip_conf.sh
new file mode 100644
index 0000000..de7af4d
--- /dev/null
+++ b/PSA/scripts/ip_conf.sh
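Review bot: The ebtables rules are added with `-A` and nothing flushes the tables first, so every run of init.sh (ip_conf.sh's header says it runs at each PSA start-up) stacks another copy of the FORWARD and BROUTING rules; an `ebtables -F` and `ebtables -t broute -F` before the block, as stop.sh already does, keeps the rule set deterministic. The `python ... parseConfig.py` call that writes /etc/ipsec.conf is not checked either, so a parse failure leaves the previous ipsec.conf in place while the script still prints `echo 1`; `python /home/psa/pythonScript/parseConfig.py "$JSON_CONF_FILE" "$DEFAULT_CONF_FILE" "$IPSEC_CONF_FILE" || { echo 0; exit 0; }` reports it under the 0 = not running convention status.sh documents. The `Description:` header is empty and should at least name the bridge/forwarding setup the script performs.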
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# ip_conf.sh
+#
+# This script is called by the PSA API when the PSA should be configured with IP address.
+# NOTE: This script is called right after init.sh script at the start-up of a PSA.
+# !!!
+# This should have the base setup for IP. init.sh should not change these values, since it
+# will overwrite these values at the moment.
+# !!!
+# --> (We can change the logic to call this after init.sh always?)
+#
+
+# Please, define the interface this PSA requires the IP for.
+CLIENT_IFACE=br0
+if [ "$#" -ne 4 ]
+then
+ echo "Illegal number of params. Should be 4 (IP, gateway, dns, netmask)"
+ exit 1;
+fi
+
+echo "-------------"
+echo "IP:" + $1
+echo "gateway:" + $2
+echo "dns:" + $3
+echo "netmask:" + $4
+
+# Note that now we just replace any existing conf, since this should be the only DNS for the PSA.
+SEARCH='nameserver '$3
+if grep -Fxq "$SEARCH" /etc/resolv.conf
+then
+ echo "Had dns already"
+else
+ echo "Didn't have dns, setting"
+ echo -e "$SEARCH" > /etc/resolv.conf
+fi
+
+/sbin/ifconfig $CLIENT_IFACE $1 netmask $4
+ip route delete default
+/sbin/route add default gw $2 $CLIENT_IFACE
+
diff --git a/PSA/scripts/ping.sh b/PSA/scripts/ping.sh
new file mode 100644
index 0000000..2fac369
--- /dev/null
+++ b/PSA/scripts/ping.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# status.sh
+#
+# This script is called by the PSA API when the PSA is requested to ping.
+#
+# Return value:
+# ping result
+#
+
+COMMAND_OUTPUT="$(ping -c 3 www.google.com)"
+echo ${COMMAND_OUTPUT}
+exit 1;
+
diff --git a/PSA/scripts/start.sh b/PSA/scripts/start.sh
new file mode 100644
index 0000000..76163ae
--- /dev/null
+++ b/PSA/scripts/start.sh
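Review bot: The four positional parameters go unquoted and unvalidated into `/sbin/ifconfig`, `/sbin/route` and /etc/resolv.conf, and since the header says the PSA API invokes this script, whatever arrives over the REST interface becomes part of those command lines; a syntax check at the top is the right boundary, e.g. `for a in "$1" "$2" "$3" "$4"; do [[ "$a" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "bad address: $a"; exit 1; }; done`, with the later expansions double-quoted. `echo "IP:" + $1` (and the three lines after it) prints a literal plus sign; `echo "IP: $1"` was presumably meant.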
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# start.sh
+# Created: 03/01/2016
+# Author: Diego Montero
+#
+# Description:
+# Start script for the PSA-squid
+#
+# This script is called by the PSA API when the PSA is requested to be started.
+
+# Load PSA's current configuration
+
+##############################################################
+
+ipsec stop
+
+ipsec start
+
+sleep 1
+
+if P=$(ipsec status psa | grep INSTALLED)
+then
+ echo "ipsec already started"
+ exit 1
+else
+ ipsec up psa
+ echo "ipsec started"
+fi
+
+exit 1;
+
diff --git a/PSA/scripts/status.sh b/PSA/scripts/status.sh
new file mode 100644
index 0000000..33c354c
--- /dev/null
+++ b/PSA/scripts/status.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# status.sh
+# Created: 03/01/2016
+# Author: Diego Montero
+#
+# Description:
+# Script that returns the current status of the PSA-squid.
+# TBD the expected returned result (this is an example)...
+#
+# This script is called by the PSA API when the PSA's runtime status is requested.
+#
+# Return value:
+# 1: PSA is alive
+# 0: PSA not running correctly.
+#
+#SERVICE=squid3
+#if P=$(pgrep $SERVICE)
+#then
+# echo 1
+# exit 1
+#else
+# echo 0
+# exit 0
+#fi
+
+echo 1
+exit 1
diff --git a/PSA/scripts/stop.sh b/PSA/scripts/stop.sh
new file mode 100644
index 0000000..00d8a8b
--- /dev/null
+++ b/PSA/scripts/stop.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# stop.sh
+# Created: 03/01/2016
+# Author: Diego Montero
+#
+# Description:
+# This script stops squid3 and clear the configuration environmet.
+#
+# This script is called by the PSA API when the PSA is requested to be stopped.
+#
+
+ip route flush cache
+
+##########################################################
+echo "flusing ebtables"
+ebtables -F
+ebtables -X
+for T in filter nat broute; do ebtables -t $T -F; ebtables -t $T -X; done
+ebtables -P INPUT ACCEPT
+ebtables -P FORWARD ACCEPT
+ebtables -P OUTPUT ACCEPT
+
+echo "stopping ipsec"
+ipsec stop
+
+echo "PSA Stopped"
+exit 1;
+
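Review bot: The result of `ipsec up psa` in the else branch is never checked, so a failed tunnel negotiation still prints `ipsec started` and exits with the same status as the success path; `ipsec up psa || { echo "ipsec up failed"; exit 0; }` (using the 0 = not running convention status.sh documents) lets the API see it. The `sleep 1` between `ipsec start` and `ipsec status psa` is a fixed delay rather than a readiness check, and `P=` is assigned but never read. The header still describes a squid PSA.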
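Review bot: The live part of status.sh is `echo 1` / `exit 1` unconditionally, so the PSA reports itself alive even when charon is not running or the `psa` connection never came up; the commented block above it is the squid3 template that was never adapted. start.sh in this commit already uses `ipsec status psa | grep INSTALLED` as its readiness test, and reusing it here makes the health endpoint meaningful under the header's documented 1/0 values.
```shell
# … unchanged: header comment …
if ipsec status psa | grep -q INSTALLED
then
    echo 1
    exit 1
else
    echo 0
    exit 0
fi
```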
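Review bot: After `ebtables -F`, the three `ebtables -P ... ACCEPT` lines and `ipsec stop`, stop.sh has removed init.sh's default-DROP policy and the BROUTING redirect, so if the bridge interfaces stay up the client traffic that was being routed into the tunnel is now bridged straight to the Internet side in clear — the stop path fails open. Whether that is intended should be stated in the header; if it is not, `ebtables -P FORWARD DROP` (the policy init.sh sets) is the one-line change that fails closed until the next start. The header text still refers to squid3.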
diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000..e80fcb1 --- /dev/null +++ b/Readme.md 
@@ -0,0 +1,239 @@ +# 1. End-user + +## 1.1 Description / general readme + + +Most of the enterprises have more than one branch office and is very common to communicate them using an VPN. Corporate VPN PSA main point is to offer the user the possibility of having access to a server in the same enterprise, using an encrypted VPN tunnel. The tunnelling technology used for this PSA is Strongswan. + +![Corporate VPN PSA schema](images/end_user_psa_vpn_schema.png) + +## 1.2 Features / Capabilities + +The capabilities extracted from manifest: + +* Confidentiality protection +* Integrity protection +* IPSec protocol + +The most important features are: +* Strongswan tunnels +* IPsec default encription protocol using certificates + +## 1.3 Security policy examples + + +``` +father;prot_conf_integr;Internet_traffic +``` + +* Enables the integrity protection + +``` +father;prot_conf;Internet_traffic +``` + +* Enables the confidentiality protection + +``` +father;prot_integr;Internet_traffic +``` + +* Allows the IPsec protocol for the tunelling + + +## 1.4 Support, troubleshooting / known issues + +We totally supose both the server and the PSA have the correct certificates. For this reason, the only parameter the user must specify is the server ip address. + +If there is any problem please ask your admin. + +# 2. Developer / admin + +## Description / general readme + +The Corporate VPN PSA offers a secured tunnel to an enterprise server using the Strongswan technology. + +## Components and Requirements + +VM technology allows creating a full system for the PSA. The components used in this PSA are: + +* Operative System: Debian 7 "wheezy" +* iptables +* ebtables +* jq +* brigde-utils +* Strongswan 5.1.2 + +From the PSA configuration it is needed to have an IP address in the PSA belonging to the same LAN than End user. 
+ +For the correct performance of the secured tunnel it is needed to have the VPN server well configured using the proper certificates and Strongswan configuration. For the ipsec.conf file you can follow the next example: + +``` +# /etc/ipsec.conf - strongSwan IPsec configuration file +config setup + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=3 + keyexchange=ikev2 + + # various keepalive settings + dpdaction=clear + dpddelay=300s + left=[admin must put the server IP address] + leftfirewall=yes + leftsubnet=0.0.0.0/0 + leftcert=clientCert.der + leftid=[must correspond to the certificate id] +conn psa + right=%any + #rightdns=10.31.0.1,8.8.8.8,8.8.4.4 + rightdns=8.8.8.8,8.8.4.4 + rightid=[must correspond to the certificate id] + rightsourceip=[local NED ip subnetwork] + rightsubnet=[local user ip subnetwork] + auto=add + rightfirewall=yes + +``` + +## Detailed architecture + +There are several components in the internal architecture: + +* **Inspect and route traffic**. **ebtables** is used to set up rules to inspect Ethernet frames between eth0 and eth1 and force the traffic to be routed instead of being just bridged. By this, the traffic will be routed through the Strongswan tunnel. + +* **Use the tunnel**. **Strongswan** passes all the traffic through the IPsec tunnel, except the 10.0.0.0/8 LAN. This LAN is needed to communicate with the NED directly. + +The next figure shows the internal communication with/from the PSA: + +![Corporate VPN PSA schema](images/psa_vpn_schema.png) + +### Rules + +Only the traffic going to the 10.0.0.0/8 stays in the local LAN, all the other traffic passes through the tunnel. + +### Certificates + +For the correct performance the certificates must be exchanged between the client and server of the Strongswan tunnel. For their generation you can follow this [tutorial](https://wiki.strongswan.org/projects/1/wiki/SimpleCA) from the Strongswan site. 
+ +In our case, we used our own server (147.83.42.207) which already has the correct certificates for the PSA image. You can access to both the [server](strongswan/server) and [client](strongswan/psa) certificates. + + +## Virtual machine image creation + +The procedure to create a valid PSA image from scratch start with the prerequisite instructions defined in [PSA Developer guide](https://github.com/SECURED-FP7/secured-psa-develop-test) to obtain a valid base image for PSA. + +Install the software Strongswan 5.1.2: + + sudo apt-get install strongswan + +Copy the necessary [files](PSA) of this project in the folder: + +``` +$HOME/phytonScript/ +``` + +## Mobility Support +This PSA supports the mobility scenario. + +## Support, troubleshooting / known issues + +If there are any known issues, list them + +We totally supose both the server and the PSA have the correct certificates. For this reason, the only parameter the user must specify is the server ip address. + +## Files required + +No extra files required. + +### PSA application image + +PSA is based on a Virtual machine image in KVM- kernel module format ".qcow2". A [sample image has been included](https://vm-images.secured-fp7.eu/images/priv/corporate-vpnPSA.qcow2) in the project. + +### Manifest + + +* XML + +The PSA manifest in format XML is available at [Manifest](NED_files/TVDM/PSAManifest/corporate-vpnPSA.xml). +This file must be stored in the PSAR. And reflects the capabilities described below. + +* JSON +The PSA manifest is available at [Manifest](NED_files/TVDM/PSAManifest/corporate-vpnPSA). 
+ + +### HSPL + +The HSPL format is defined as follows: + +* D4.1 format: + +``` +father;prot_conf_integr;Internet_traffic + +father;prot_conf;Internet_traffic + +father;prot_integr;Internet_traffic +``` + +* More friendly: + +``` +I enable the integrity protection on my internet traffic + +I enable the protection on my internet traffic + +I accept the IPSec protocol as my tunneling technology on my internet traffic +``` + +### MSPL + +An example of MSPL for this PSA are accesible at SPM project: [UPC_server_connection_MSPL](https://github.com/SECURED-FP7/secured-spm/blob/master/M2LService/code/M2LPluginStrongswan/test_conf.mspl.base64) + +### M2L Plug-in + +The M2l plug-in is available at [M2LPlugin](https://github.com/SECURED-FP7/secured-spm/blob/master/M2LService/code/M2LPluginStrongswan/src/eu/securedfp7/m2lservice/plugin/M2LPlugin.java) + +Current version of this plugin will generate a low level configuration like [this one](NED_files/TVDM/psaConfigs/corporate-vpnPSA/corporate-vpn_user8) + +This plugin do not need additional external information in this version that must be store in the PSAR. + + +## Features/Capabilities + +The capabilities extracted from manifest: + +* Confidentiality protection +* Integrity protection +* IPSec protocol + +The most important features are: +* Strongswan tunnels +* IPsec default encription protocol using certificates + +## Testing + +Testing scripts are available at [test folder](tests/) + + +# 3. License + +Please refer to project LICENSE file. + +This software incorporate only Strongswan which is an open source software licensed under the [GNU GPL](http://www.gnu.org/licenses/gpl-2.0.html). + +# Additional Information +## Partners involved + +* Application: UPC +* MSPL: POLITO,UPC +* M2L Plugin: UPC + +# Status (OK/No/Partial) -*OK*- + +# TODO: +* Tests + diff --git a/copy_psa_sw_to_vm.sh b/copy_psa_sw_to_vm.sh new file mode 100644 index 0000000..676dcc8 --- /dev/null +++ b/copy_psa_sw_to_vm.sh 
@@ -0,0 +1,31 @@
+# Uses libguestfs - Installation guide: http://www.libguestfs.org/
+#
+# Run this as sudo and run this file from the folder that contains PSC folder.
+#
+# Make sure that:
+# 1) SW_PATH directory exists in the target IMG.
+# 2) Make sure that intefaces and boot_script_psa have executable permission (+x).
+#
+# WARNING: Using this on live virtual machines can be dangerous, potentially causing disk corruption! The virtual machine must be shut down before using this script!
+
+IMG="/var/lib/libvirt/images/corporate-vpnPSA.qcow2"
+SW_PATH="/home/psa/pythonScript/"
+
+# Copy python files
+echo -n "copy PSA SW... "
+virt-copy-in -a $IMG PSA/* $SW_PATH
+echo "done."
+
+# Copy interfaces file
+echo -n "copy interfaces... "
+virt-copy-in -a $IMG PSA/interfaces /etc/network/
+echo "done."
+
+# Copy boot script that is executed when interfaces are up
+echo -n "copy boot_script_psa... "
+virt-copy-in -a $IMG PSA/boot_script_psa /etc/network/if-up.d/
+echo "done."
+
+#Copy the hostname
+virt-copy-in -a $IMG hostname /etc/
+virt-copy-in -a $IMG hosts /etc/
diff --git a/copy_psa_to_ned.sh b/copy_psa_to_ned.sh
new file mode 100644
index 0000000..0780c71
--- /dev/null
+++ b/copy_psa_to_ned.sh
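Review bot: The script has no shebang and no error handling, so a `virt-copy-in` that fails (wrong image path, or the SW_PATH precondition from the header not met) still prints `done.` and the following copies proceed against the same image; `#!/bin/bash` and `set -euo pipefail` at the top, with `"$IMG"` and `"$SW_PATH"` quoted, make the first failure stop the run. The header's warning about live virtual machines is the only guard against disk corruption, so it is worth keeping next to the `IMG=` assignment where someone editing the path will see it.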
@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# This script copies the PSA codes into the NED v0.6 implementation folders, namely:
+# 1) PSCM/userList
+# 2) TVDM/psaConfigs/[psaID] folder
+# 3) TVDM/PSAManifest/[psaID] file
+# 4) TVDM/userGraph/[psaID] file
+#
+# One parameter is required - the full path to your destination NED v0.5.1 dir, e.g., /home/ned/NED/.
+# Note: This will overwrite existing configurations for the PSA_ID and the USER inside your NED!
+
+if [ $# -ne 1 ] ; then
+ echo "Usage: $0 [Full path to NED directory where the PSA files are to be copied (e.g., /home/ned/NED/)]"
+ exit 1
+fi
+
+NED_VERSION=v0.5.1
+
+# Note: If you use this for other PSAs, please rename the PSA_ID as such (the config folders have to match in NED_files/TVDM/)!
+PSA_ID="strongswan"
+USER="user8"
+PW=" secuser"
+PSCM_PATH=$1PSCM/
+NED_PATH=$1
+USER_LIST=userList
+
+TEMPLATES=NED_files_template/TVDM/
+
+if [ ! -f $PSCM_PATH$USER_LIST ]; then
+echo "$PSCM_PATH$USER_LIST file does not exist."
+echo "Usage: $0 [full path to NED directory where the PSA files are to be copied (e.g., /home/ned/NED/)]"
+ exit 1
+fi
+
+# 1
+#################################################################################
+echo "Checking if PSA user exists in PSCM/userList"
+user_pw=" secuser"
+user_cred=$PSA_ID$user_pw
+
+if grep -q "$USER" $PSCM_PATH"$USER_LIST"; then
+ echo "User existed in PSCM/userList, skipping creation of new user."
+else
+ echo "User not in PSCM/userList file, creating new user."
+ echo $USER$PW >> $PSCM_PATH$USER_LIST
+fi
+
+# 2
+#################################################################################
+echo "Copying PSA files into NED $NED_VERSION folders"
+cp -avr NED_files/TVDM $NED_PATH
diff --git a/hostname b/hostname
new file mode 100644
index 0000000..7bf26d1
--- /dev/null
+++ b/hostname
@@ -0,0 +1 @@
+PSA-corporatevpn
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..c6c3c79
--- /dev/null
+++ b/hosts
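Review bot: The NED user's password is hard-coded twice (`PW=" secuser"` and the unused `user_pw=" secuser"`) and appended in clear to PSCM/userList, so a credential for the NED now lives in this repository and in every checkout; read it at run time instead (`read -rs -p "password for $USER: " PW`) and drop the dead `user_pw`, `user_cred` and `TEMPLATES` assignments. The existence check `grep -q "$USER"` matches any line containing `user8` (a `user80` entry would suppress creation), so anchor it to the `user pw` layout the script itself writes: `grep -q "^$USER " "$PSCM_PATH$USER_LIST"`. The header says NED v0.6 while `NED_VERSION=v0.5.1`; one of them is stale.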
@@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 PSA-corporatevpn + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/images/end_user_psa_vpn_schema.png b/images/end_user_psa_vpn_schema.png new file mode 100644 index 0000000..89db0f5 Binary files /dev/null and b/images/end_user_psa_vpn_schema.png differ diff --git a/images/psa_vpn_schema.png b/images/psa_vpn_schema.png new file mode 100644 index 0000000..ca30c93 Binary files /dev/null and b/images/psa_vpn_schema.png differ diff --git a/strongswan.xml b/strongswan.xml new file mode 100644 index 0000000..467ec9f --- /dev/null +++ b/strongswan.xml @@ -0,0 +1,130 @@ + + + + + strongswan + Strongswan PSA + Most of the enterprises have more than one branch office and is very commun to communicate them using an VPN. Corporate VPN PSA main point is to offer the user the possibility of having access to a server in the same enterprise, using an encrypted VPN tunnel. The tunnelling technology used for this PSA is Strongswan. + https://www.secured-fp7.eu/ + 1.00 + UPC + Alicia Vila + + GPLv2 + + + + + + + Tunnelling + strongswan + encrypted tunnel + + + + + Protection_confidentiality + Protection_integrity + IPSec_protocol + + + + + corporate-vpn + Secured tunnel + This plugin converts MSPL to IPSec configuration + + corporate-vpn_M2L_plugin + Corporate VPN M2LPlugin + http://195.235.93.146:8080/v1/PSA/M2Lplugins/PSA-corporate-vpn + none + + corporate-vpn_M2L_plugin.jar + + + + + 10 + + + 10 + + 2 + 10 + + + + + + + 1 + x86_64 + Intel + + 1 + + + 2 + + + 10 + + + 2000 + + + + Debian + 7.0 + x86_64 + + + + + cold migration + stateless + + + + + + img + + corporate-vpn_M2L_plugin + corporate-vpn_M2L_plugin.jar + java + + 1 + + eth0 + 00:00:00:00:00:00 + 1.1.1.1 + 255.255.255.0 + + + eth1 + 00:00:00:00:00:01 + 192.168.1.1 + 255.255.255.0 + + + 1.1.1.250 + 8.8.8.8 + + + + + + 100 + + + 10 + + + 10 + + + 
diff --git a/strongswan/psa/ipsec.conf b/strongswan/psa/ipsec.conf
new file mode 100644
index 0000000..0098b53
--- /dev/null
+++ b/strongswan/psa/ipsec.conf
@@ -0,0 +1,29 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=3
+ keyexchange=ikev2
+
+conn my_lan
+ left=%any
+ leftsubnet=192.168.2.0/24 #,10.2.0.0/16
+ rightsubnet=192.168.2.0/24 #,10.2.0.0/16
+ authby=never
+ type=passthrough
+ auto=route
+
+conn psa
+ left=%any
+ leftsourceip=%config
+ leftcert=ClientCert.pem
+ leftsubnet=10.2.2.0/16
+ leftid=psa@secured.eu
+ leftfirewall=yes
+ right=147.83.42.191
+ rightsubnet=0.0.0.0/0
+ rightid=@vpn.secured.eu
+ auto=add
diff --git a/strongswan/psa/ipsec.d/cacerts/strongswanCert.pem b/strongswan/psa/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 0000000..00a71e8
--- /dev/null
+++ b/strongswan/psa/ipsec.d/cacerts/strongswanCert.pem
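Review bot: `leftsubnet=10.2.2.0/16` has host bits set for a /16 (the network is 10.2.0.0/16), and the `my_lan` passthrough exempts 192.168.2.0/24 from the tunnel while the Readme's "Rules" section in this commit says 10.0.0.0/8 is the range that stays local and the commented `#,10.2.0.0/16` suggests the intent moved; a comment such as `# untunnelled local range - keep in sync with Readme 'Rules' section` above `conn my_lan` would make the two agree. No `ike=`/`esp=` proposals are set anywhere, so strongSwan's built-in defaults decide what the tunnel negotiates; pinning them in `conn %default` documents the actual cipher suite for the PSA.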
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFNjCCAx6gAwIBAgIIEkPUG0+7tv8wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNjE5NTVaFw0yNjAyMjYxNjE5NTVaMDkxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRgwFgYDVQQDEw9TZWN1cmVkIFJvb3QgQ0EwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ18n1g4CaO4UmNQBCvVA0hZjs +yY2I1PLhgnQS4tUu6zTb8CqL2qNr/lPh/PuDMhCDnyAdSvO+RrBRBbIKrDet1Ee6 +74lQnrhcN0b+8wQu3xBTwhMpg8iAPduJdDhdzDGrc0sKeUvJ2RnjQmyqNGTvCezl +7F/xb1UKKg1uZGTorqdxYg09v/6rg51/vd1xnjAaMI5aC4zSbmhDMgNowrNdVtW/ +qC7XQ+mgRNqDdf/ac63vnpNbKt8GhPjEVo/pJUSgNThpyBob5DTbSgFDPXxUjUyQ +QMwB4NW4CcxqhzoYdrhZXL/BAi7i/bLliX5ivOzKQHEbmfnwHwIyO39/OoEHFNnE +QC3YjDynFfdyx9LthxeaMFYXFmU/iWtL7qMfZb6IeiV1vkXchC8O/4aYzSqBskHX +XDwojlxMWYKfb9cJSfiOSbaaLvr1Gof2rjQSDEiJhdvynTE/Qf1wCmQDnLBfwZOv +d8mMdpi9g0Bqg3JF9/GuvebRJK8CKLcQM6wvn3W8YrxoFDDkH9ni+eLTRjZcazX1 +UuDL6lnWn2ZzO/ND54VSBwE/hPMcV63iSYWcNJP/Q69T2pXBrTigSBhlwaXuzRIF +/7YmrOwqag7d9lA3mej+jsaygA3L/f1CpI9HWjgZD16S2D83qWjcR66UqNDz8mFf +DPdLOQROZi5u+OLTHQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQUMPENpHawLXFavG47snr+cfvNR5QwDQYJKoZIhvcN +AQEFBQADggIBAFfyR9Q8h4poKaPu4Yh0uKVPDQSnX+xE/xw/acWu6NTck85TYP7G +s3U7+7IcEOaA/JJc5XhKEINQKj5qi28wzQzUg+bBoGAkd2PlfJZrLAULdNKBBjwH +7biMUIZFuPKhIJkgVK45o9gukQZW6azZ6uB0QYRD1usFrmqnERtNSYYv7QR1OuTp +MjHNdyyPok3vrcaYORg5bFmbPeyy/LPvyzHnv9eKR/ykj9Y7nCjBRq2sEa30bwzU +LFsEYmhrZs2Ja2YA9NjUWE6DOZdLrOjQDLHObGxVnLgzRrnwVqq33RJxCHGhcV7A +DjhVSH1qRs0OD/LhRpJIO/n7z/xPAH/T2/UhVpiuPQoHIfVWEgfUaZjl9jOBMhXm +iXJAA4RQLSH35cj8OntuEegE4ZdW1zTqmGmh3VjWf7hKv8FhpdQTCctVlTCDzOs7 +fWEVmupmgc2xBp6sW6e3ioo4CtPDoT+S23ve56gb7QV6UfMuZPeyFkFNgVCDwRBM +aVXd3WLey3c3D+j4cI+kbtwY8340grA8KALrh2VNbRDFh45vn2c3TAzcfIP2g+Bu +byNuWZ24IqIyhx1ottLo9KvtPM7S4vcNAuVtiVon3WLeRQlR3UZ316yenJy49NUJ +Q6PsMWHks5fqE9nVWU/AdflWYOJnX3ooi8EK3UD7sQC/21UyF/UFZdGd +-----END CERTIFICATE----- 
diff --git a/strongswan/psa/ipsec.d/certs/ClientCert.pem b/strongswan/psa/ipsec.d/certs/ClientCert.pem new file mode 100644 index 0000000..9a878a7 --- /dev/null +++ b/strongswan/psa/ipsec.d/certs/ClientCert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEMTCCAhmgAwIBAgIIPumjqfUrjEIwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNjIyMjlaFw0xODAyMjgxNjIyMjlaMDgxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDFA5wc2FAc2VjdXJlZC5ldTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALUgqBMyLno3i4cBqByZJCpcZVsr +dvn9fSu2KsImPcl8Nh7m6fymspzyyV+G6ZwDCKL+HA7rzpC+SBf6I0/cj03FhCmo +eSxBCLn7ZICvb5OLCmXuOdrP5j7TMyH5fEGMOWoAQKL4OZlvDqWQO4FhSiGvY24m +e+cb81tkTRb34FxhzqA6fB/vVpusM7WygGhAI7AkA4UdmFG2cOa0UN+0d9XXUr7z +l8DZYxqvVd0UPCxN7Z4vs5+19ge9UMs9TEz1jmTLBtNfVdOKqflQf8PObWBkG2EC +ddWLQ57IrJeNaD4+t1VsXk+H45n/Zl0BIOgiWF9lW3qtEfZkqaMIvr7prt8CAwEA +AaM+MDwwHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw +EIEOcHNhQHNlY3VyZWQuZXUwDQYJKoZIhvcNAQEFBQADggIBALXhl4J3IvoMLuWT +X8ofgyg0M0D+Je0y/P1yjajQ6jTmszlH9E2j7vPCus598CCxDHn0URR60kaB6W0F +i4pSqsBo2ctW+8rZpyAhL/Uo3VwZCkSKSFTC5YeJR9zopPxZemQGqxbnD7pKWfTX +r+CMiA1IkoDUoLOh25MaHTn9OWeSouQJH41S1zuq+W7rpZPrABRrMNUqID32eQhK +rPtyTS96TIJTbng02PTk+0FLQLyVrDh4mVR8ZALzyBnAmZGsaIGGKw2ff7P+DgZZ +UlyXM+1F4HRCsGINoDTMkDUZkLUP2gZQfV/bysK3zvZy1UrFjQRbk/76SIwyE4+K +zdf32UcUpwoCy6FAAHSlUbiDVFX9VA70R1ibGnXSiy45CsYOvNGp6rX+zkE1hfva +6gFLiyCXt1ns8/GIw51RzGeCOYqzX0Xo4m6H2frfMBOGnJ3Mq6yaT5q/JUf95f31 +qXSgkmdV0NxYQugrFWAA3+mAtmCUj7qh5zejDDtbV6RGApEAr9w+MARbXd69UDRD +GHTpZLcfTti/czqUOfcUFcYxO6+2qxQXdloTOv0mIppoQ8Waawk7lNpT7cWqxUnU +isZCAEq6CvZ6VPiYoRPeYwrPfOl+/B5Mx6N0Grt5HNFSwzyBnXy8gq0hO873Hy4z +eG898qPQSAlOHnHeiGzPn104HHSh +-----END CERTIFICATE----- diff --git a/strongswan/psa/ipsec.d/certs/vpnHostCert.pem b/strongswan/psa/ipsec.d/certs/vpnHostCert.pem new file mode 100644 index 0000000..ebe9d7b --- /dev/null +++ b/strongswan/psa/ipsec.d/certs/vpnHostCert.pem 
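Review bot: Decoding the DER header of this client certificate, the signature algorithm appears to be sha1WithRSAEncryption (the same OID shows in vpnHostCert.pem on the next line and in the CA under cacerts/) and the validity window appears to run from 2016-02-29 to 2018-02-28, a two-year lifetime the commit does not mention. Both points belong in the Readme's "Certificates" section: a SHA-1-signed chain is worth re-issuing with SHA-256 while the CA is being touched anyway, and without a documented renewal step the tunnel will stop authenticating silently when the client certificate expires.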
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUDCCAjigAwIBAgIILdCBejeojQcwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE +BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD +QTAeFw0xNjAyMjkxNzIwNTVaFw0xODAyMjgxNzIwNTVaMDgxCzAJBgNVBAYTAkVT +MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDEw52cG4uc2VjdXJlZC5ldTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzmpbOKgqqq7ahSVDybx7PGNEdL +ltVQXTFZbMKqr3tEmOqdU+42PRbO02PtVxx+a+hIqIFcBMMK9meuMtFM+es2GdKN +k5UC/sPDTBxDAD3o3s2MQh5gLrHaEIgSYJSoy0jsuY2mfwLDQNsskvV/hcTROi6s +outxEYT/oUWrsXSt+hOO/J+Eh21ItHlPyNQXVBYalxWN+esTVNL/7PfFwSWQT6AG +bTJJ6W+mpX5pdEnl9dbJrduTpMRCRxN7t1UGf7WyZbY+1ZgLfjrcxdtEcJpH1Fsw +r6W+aCYKO/6e86f7orYsRAkf5+hZvtxt33hB8YCq3rN0cLuWeOlrM9Cn/YECAwEA +AaNdMFswHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw +EIIOdnBuLnNlY3VyZWQuZXUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFCAIC +MA0GCSqGSIb3DQEBBQUAA4ICAQAI4vR/sjwFVocDqjf64DvXVsVmo+5iinc9dU96 +l/YCheC8ZXGyMbeuzTZ2b3xkYFQXGFJ1qcFse0VBGec4aj1d79vw7mIixcbsVSRZ +jHqSY6LaqGWnmguDUmYViG+qoKJAh6N3802kDJw9/ovv22B2WssktLMbYvx0no7c +wt8dmlK2OCyEAUN6SzlItwYSdPtI5MjpTvDAKYGHP5NfEsPh1zrOr3Ll+wEzLfzg +MvZRiBJIjsCe9YBOalndi9HTm6dTvTtPVT6ZJX9tPdXfeyQ2sqXqU6UF819LDnnp +/b5+dADiAGbj3+Kj0c3rjc/dS15WHp1qJoTPUpxngcJDqELAFaNB1H2tCg9a9BwM +9ke8YX8wV+DBMzlLGfPT2ijfJrlcuc/AszgnH7Y0npKAFFVMLOR8wfh5gaBduB9I +rYEPrN3mn+El/AFYOKohKNXY9BJ+W3ZruNFZMYmxbCdmzPhFt4AYgumFkBNFI3XV +tsTxARLhmwfeuwaqbq5bBfkFAfRO0RGlsfz1HeYPeyIlGoBu+VzeDEKPXqpJQ02b +s8hwgNhawqjwN6lba1T5XJnKxgXcY1Duf9ohQZ94wLcP8fvKO9OqOuyww5lF88LP +4DytW81hUAmoJug0nwmdUmLB5Pv1J8AgXW7OtpBauQaeeByckWSvh685DFSYa48l +IyFUKQ== +-----END CERTIFICATE----- diff --git a/strongswan/psa/ipsec.d/private/ClientKey.pem b/strongswan/psa/ipsec.d/private/ClientKey.pem new file mode 100644 index 0000000..a2ad836 --- /dev/null +++ b/strongswan/psa/ipsec.d/private/ClientKey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtSCoEzIuejeLhwGoHJkkKlxlWyt2+f19K7YqwiY9yXw2Hubp +/KaynPLJX4bpnAMIov4cDuvOkL5IF/ojT9yPTcWEKah5LEEIuftkgK9vk4sKZe45 +2s/mPtMzIfl8QYw5agBAovg5mW8OpZA7gWFKIa9jbiZ75xvzW2RNFvfgXGHOoDp8 +H+9Wm6wztbKAaEAjsCQDhR2YUbZw5rRQ37R31ddSvvOXwNljGq9V3RQ8LE3tni+z +n7X2B71Qyz1MTPWOZMsG019V04qp+VB/w85tYGQbYQJ11YtDnsisl41oPj63VWxe +T4fjmf9mXQEg6CJYX2Vbeq0R9mSpowi+vumu3wIDAQABAoIBAHRaih3qupigXe1Y +Txov9l+QAzxR65gkEuilmUonLsHkHRA03lMC8vKHtHy9OgySllW+T1/2czfgRIfC +lDSVRyl6nK/2HgEjtetjZuiTymVJiGB6bIf3zbzGB67nib7ByZAioWMPelDqWspY +oSE30ltZQ9JavnV0Kxymji8XBPXSejT7hRRp3/eSGaXFxI0YOk4SDcEwnr1gA+bb +BpFIfFhvB80uMBk+iwHrY7fLoznXww7oZX4U9jGAixfYd6K7jtzR4Vj0toMkX1ww +FB2Hn1xlHNPjg2ldVom3p0MaWwJJ8DLaxWv7at4HO+kpwI9vDIgu41fBTps5d6L8 +O4dGGCECgYEA189T+qrb6fRyNEOkeZWf4GeUcgrxXwqOovAB9D7p2RHoSJ1h1cYa +VWgIohHC/J1uWiiKUgeLhBAl3pcG9wMWUKC4am4K4/yCvCjOOoZX5Zdw6+HVnHFv +PAk1fd4i9mkEzJxVtXJxu80LfKc2hH4Geq8Xs4EE3q+S58ATxb90H5UCgYEA1tvc +Dv5WT3sqOqYJZCIC/mL5NEzeai3wqA0II/pUkhAqe9DUP8gdLqDheyzVFclT6Frk +3Kdmw8Akilq34X3Of1BvuwzIDio/MzRoMb9fu/tq2PMGFR+DkspwnQ+nzIFayVjS +/cI0WOyiB6ADIJQkNX/hM92C5hJzj6geywGKh6MCgYBHFAkTyUxvDMzEe/bi+K3U +iijxOrtu0xpRff0WxdXdYbGAoR1E/F9V+9LEFleDPhLHbQzJoaSI1YyzeEiZ+JFT +8utqWl4J4vPoJwRtcCvo+Wz+s73YLeA2BM5ya0RWphYnkeIExfHBqfH7l1M0ZhGa +PKrwuzCwa2FWJQQeIEWN1QKBgCvw3OloFIi+vJ0v9b23wvr5jNOoYNhAOvZza9XH +zWHt0nJt++prZ6RwnIyPV6jT+sgLRsDlr3ubIR32faKtEv0wmxka/RMAitpS/ngm +FlMgkPJ7iSPqxQLRSgSk/gEx9zo0YzoobII/Ksf6bolMIreaRplP1QRug5m+nUWR +NB6XAoGAALSMJlqZq9UqIu22/vwIhP2PcZPjrFif+QkdU6f3cyJZ4mzPr7rQjCJP +fADhA5McGkTjh4kBTN7Bb0PTnxrUDYpAeWgkgwozZEKAp92g8UUtWkjK2KyIwQ9f +n+xD50NWlsgf/EGVPzh1RFGD/fl6Yfc6tCYK+wWctSLDbWtxgzc= +-----END RSA PRIVATE KEY----- diff --git a/strongswan/psa/ipsec.d/private/vpnHostKey.pem b/strongswan/psa/ipsec.d/private/vpnHostKey.pem new file mode 100644 index 0000000..e21fe7b --- /dev/null +++ b/strongswan/psa/ipsec.d/private/vpnHostKey.pem 
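Review bot: This is an RSA private key committed in clear, and the same holds for vpnHostKey.pem on the next line, server/ipsec.d/ClientKey.pem and the binary Client.p12 further down; once pushed, anyone with the repository or the published qcow2 image can present `psa@secured.eu` to the VPN server, and because the PSA image ships the server's own key under `strongswan/psa/ipsec.d/private/vpnHostKey.pem`, can impersonate `vpn.secured.eu` to clients as well. Treat both key pairs as compromised: re-issue them from the CA, purge the files from the history, and keep `ipsec.d/private/` out of the repository (the `.gitignore` added in this commit does not cover it) — only public certificates belong under `strongswan/`.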
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEArsN9VEcJOJ+kxHYUdQ/3ih9gwRg/NrfK9mgh7IAt73SizXR/ +XYTQxkfQnma1m6R4OiTcQSbseNYKRRpbHbNBp2pN2tZ3PmMGztKdpxPE+ORu+65T +eKnzUJcIbI4n0axC76YtbFzS2JiFIlyNz+o8GJcvsJ1WMo3yjjLLopzOnOqzpi50 +Dy8OPpb2orORAVWp7NA+ySYrxPSH26zbGEv4fSmGBT/Zr/CcSyTZo7i/MnMnCVnr +FglFQSqrY6Zrmf50XCCYVcc28SmJfKoh+S9kAzZIzP7dvUp9AFQQgFb48scxMSnC +42yE2EgQW5DoX1XmOa1E3nSVpa0Q8FhkxQT/SQIDAQABAoIBAGtO6/jAuX/EPtbH +Ll6G1FdCVxWZvs7pYb2VSSc/uXTr6D9Bhic1M0BcvlNU+7Q68/u3wGpc7RxxSNMP +kN0WwXx7wJxbzdJH2dlK57S8Zdjx4te1Pdm8eQOGCY0maHrNTDh8kC2WfXyzgiQM +MqN0zzvGMWk/4rqeAE6iD/mkURV13+IUfY1Wl9IxHHugCBQppu7vsEWCarBS1eQm +qXjrdyF+929OT6vJRWvambOofcuYSM3adL6d74F4wk2Zyy/RcUMtgld+aZzzJ1qo +196spOEs6iWxXDziFHk6rBZoBqfeFJIMtaeBL1pvzdGlNVVm5RNl2a6cUaGDL8SU +CHFJIhECgYEA05IUpCIR9FQASl8xRWbUql/hktRIpP/8HeA7A/ryAF+K8xsfuXjf +gcsz1fYhpk11c3K2f4l5+4GINTjcObQ/jImWPuoInV5gFqr5Bv7bZhs7OU1dyrvO +W7nR/k0688h51XFQ8EQVU0VcRzfU1dW3Yf/SLZ/aUmtepEsy5FRt4j0CgYEA03av +bab4DmPwGDkSktPbJ71kPYxm/pl459kTTun396OJ0PIKgK7QGuFz+OF0qJxG0Ew7 +CLUSp+LQHuh+hjEqatMJwE1CzrXKUXDLw4bq8cNM9WluGt+myGAehyvTGjD1Sn7n +viSRVxjyndOT0n9CzboVBqnAkI+xoGLVbV8xnf0CgYBe9z4uomBexGnQ+EOcfFjP +FPSivIjTD1gybNjwo26G/lvXXYBy9y+UCgr9alqWVER5Cq+iNao8W1sxUJGBkUfJ +JGT9Xn15bchBxIK9Qh5nCagew3xrKLuq7pC0ziO9E2qkhRWok1bjJsoR6ZyuUxza +b0L/WbZcsncr1dlFJiSgnQKBgQCq/sc+8QyXfmLRA52sU1pdWT3ss1M5v9rQCG4f +mvykKH8yEfdCNZockoDYGV/fVHfCylHWaa3LSpKm27QsSSeWuE6jTRaf1sribkan +NrtXgmkB7h5V5tKUJ32oKl0LSdmgQtycmi9Y8diGnWdkiPn5J+cGu0/21et52VHi +nl6d9QKBgQC6D13Jskxe8xiGYaTwCchJZgoyw+40Mdk6VwbfFbg76LZtFog3q3d3 +ECt14ymqueGs6sJG76cKK9XLk1oQY0z+R1XHp2E1QBlz+cezThLA5tW3IIqfYnyV +t5isXbUL14L7/r6EZ1mFf+vMs2Np8g4k1IhKf16aQuv/cMeN/ZBrxA== +-----END RSA PRIVATE KEY----- diff --git a/strongswan/server/ipsec.conf b/strongswan/server/ipsec.conf new file mode 100644 index 0000000..e17f711 --- /dev/null +++ b/strongswan/server/ipsec.conf 
@@ -0,0 +1,29 @@
+
+config setup
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=3
+ keyexchange=ikev2
+
+ # various keepalive settings
+ dpdaction=clear
+ dpddelay=300s
+
+ left=147.83.42.191
+ leftfirewall=yes
+ leftsubnet=0.0.0.0/0
+ leftcert=vpnHostCert.pem
+ leftid=@vpn.secured.eu
+
+conn psa
+ right=%any
+ #rightdns=10.31.0.1,8.8.8.8,8.8.4.4
+ rightdns=8.8.8.8,8.8.4.4
+ rightid=psa@secured.eu
+ rightsourceip=172.16.23.0/24
+ rightsubnet=10.0.0.0/8
+ auto=add
+ rightfirewall=yes
diff --git a/strongswan/server/ipsec.d/Client.p12 b/strongswan/server/ipsec.d/Client.p12
new file mode 100644
index 0000000..caf3137
Binary files /dev/null and b/strongswan/server/ipsec.d/Client.p12 differ
diff --git a/strongswan/server/ipsec.d/ClientKey.pem b/strongswan/server/ipsec.d/ClientKey.pem
new file mode 100644
index 0000000..a2ad836
--- /dev/null
+++ b/strongswan/server/ipsec.d/ClientKey.pem
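Review bot: `rightsubnet=10.0.0.0/8` in `conn psa` declares the whole of 10/8 as reachable through the PSA, while the Readme's "Rules" section says 10.0.0.0/8 is the range that stays in the local LAN and the PSA side (strongswan/psa/ipsec.conf) offers only `leftsubnet=10.2.2.0/16`; strongSwan will presumably narrow to the intersection, but one of the three places is wrong and the intended selector should be stated in a comment on this line. `left=147.83.42.191` also differs from the 147.83.42.207 the Readme names as "our own server"; if these are meant to be the same host, record which address is the IKE endpoint.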
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAtSCoEzIuejeLhwGoHJkkKlxlWyt2+f19K7YqwiY9yXw2Hubp +/KaynPLJX4bpnAMIov4cDuvOkL5IF/ojT9yPTcWEKah5LEEIuftkgK9vk4sKZe45 +2s/mPtMzIfl8QYw5agBAovg5mW8OpZA7gWFKIa9jbiZ75xvzW2RNFvfgXGHOoDp8 +H+9Wm6wztbKAaEAjsCQDhR2YUbZw5rRQ37R31ddSvvOXwNljGq9V3RQ8LE3tni+z +n7X2B71Qyz1MTPWOZMsG019V04qp+VB/w85tYGQbYQJ11YtDnsisl41oPj63VWxe +T4fjmf9mXQEg6CJYX2Vbeq0R9mSpowi+vumu3wIDAQABAoIBAHRaih3qupigXe1Y +Txov9l+QAzxR65gkEuilmUonLsHkHRA03lMC8vKHtHy9OgySllW+T1/2czfgRIfC +lDSVRyl6nK/2HgEjtetjZuiTymVJiGB6bIf3zbzGB67nib7ByZAioWMPelDqWspY +oSE30ltZQ9JavnV0Kxymji8XBPXSejT7hRRp3/eSGaXFxI0YOk4SDcEwnr1gA+bb +BpFIfFhvB80uMBk+iwHrY7fLoznXww7oZX4U9jGAixfYd6K7jtzR4Vj0toMkX1ww +FB2Hn1xlHNPjg2ldVom3p0MaWwJJ8DLaxWv7at4HO+kpwI9vDIgu41fBTps5d6L8 +O4dGGCECgYEA189T+qrb6fRyNEOkeZWf4GeUcgrxXwqOovAB9D7p2RHoSJ1h1cYa +VWgIohHC/J1uWiiKUgeLhBAl3pcG9wMWUKC4am4K4/yCvCjOOoZX5Zdw6+HVnHFv +PAk1fd4i9mkEzJxVtXJxu80LfKc2hH4Geq8Xs4EE3q+S58ATxb90H5UCgYEA1tvc +Dv5WT3sqOqYJZCIC/mL5NEzeai3wqA0II/pUkhAqe9DUP8gdLqDheyzVFclT6Frk +3Kdmw8Akilq34X3Of1BvuwzIDio/MzRoMb9fu/tq2PMGFR+DkspwnQ+nzIFayVjS +/cI0WOyiB6ADIJQkNX/hM92C5hJzj6geywGKh6MCgYBHFAkTyUxvDMzEe/bi+K3U +iijxOrtu0xpRff0WxdXdYbGAoR1E/F9V+9LEFleDPhLHbQzJoaSI1YyzeEiZ+JFT +8utqWl4J4vPoJwRtcCvo+Wz+s73YLeA2BM5ya0RWphYnkeIExfHBqfH7l1M0ZhGa +PKrwuzCwa2FWJQQeIEWN1QKBgCvw3OloFIi+vJ0v9b23wvr5jNOoYNhAOvZza9XH +zWHt0nJt++prZ6RwnIyPV6jT+sgLRsDlr3ubIR32faKtEv0wmxka/RMAitpS/ngm +FlMgkPJ7iSPqxQLRSgSk/gEx9zo0YzoobII/Ksf6bolMIreaRplP1QRug5m+nUWR +NB6XAoGAALSMJlqZq9UqIu22/vwIhP2PcZPjrFif+QkdU6f3cyJZ4mzPr7rQjCJP +fADhA5McGkTjh4kBTN7Bb0PTnxrUDYpAeWgkgwozZEKAp92g8UUtWkjK2KyIwQ9f +n+xD50NWlsgf/EGVPzh1RFGD/fl6Yfc6tCYK+wWctSLDbWtxgzc= +-----END RSA PRIVATE KEY----- diff --git a/strongswan/server/ipsec.d/cacerts/strongswanCert.pem b/strongswan/server/ipsec.d/cacerts/strongswanCert.pem new file mode 100644 index 0000000..00a71e8 --- /dev/null +++ b/strongswan/server/ipsec.d/cacerts/strongswanCert.pem 
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFNjCCAx6gAwIBAgIIEkPUG0+7tv8wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE
+BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD
+QTAeFw0xNjAyMjkxNjE5NTVaFw0yNjAyMjYxNjE5NTVaMDkxCzAJBgNVBAYTAkVT
+MRAwDgYDVQQKEwdTZWN1cmVkMRgwFgYDVQQDEw9TZWN1cmVkIFJvb3QgQ0EwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ18n1g4CaO4UmNQBCvVA0hZjs
+yY2I1PLhgnQS4tUu6zTb8CqL2qNr/lPh/PuDMhCDnyAdSvO+RrBRBbIKrDet1Ee6
+74lQnrhcN0b+8wQu3xBTwhMpg8iAPduJdDhdzDGrc0sKeUvJ2RnjQmyqNGTvCezl
+7F/xb1UKKg1uZGTorqdxYg09v/6rg51/vd1xnjAaMI5aC4zSbmhDMgNowrNdVtW/
+qC7XQ+mgRNqDdf/ac63vnpNbKt8GhPjEVo/pJUSgNThpyBob5DTbSgFDPXxUjUyQ
+QMwB4NW4CcxqhzoYdrhZXL/BAi7i/bLliX5ivOzKQHEbmfnwHwIyO39/OoEHFNnE
+QC3YjDynFfdyx9LthxeaMFYXFmU/iWtL7qMfZb6IeiV1vkXchC8O/4aYzSqBskHX
+XDwojlxMWYKfb9cJSfiOSbaaLvr1Gof2rjQSDEiJhdvynTE/Qf1wCmQDnLBfwZOv
+d8mMdpi9g0Bqg3JF9/GuvebRJK8CKLcQM6wvn3W8YrxoFDDkH9ni+eLTRjZcazX1
+UuDL6lnWn2ZzO/ND54VSBwE/hPMcV63iSYWcNJP/Q69T2pXBrTigSBhlwaXuzRIF
+/7YmrOwqag7d9lA3mej+jsaygA3L/f1CpI9HWjgZD16S2D83qWjcR66UqNDz8mFf
+DPdLOQROZi5u+OLTHQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQUMPENpHawLXFavG47snr+cfvNR5QwDQYJKoZIhvcN
+AQEFBQADggIBAFfyR9Q8h4poKaPu4Yh0uKVPDQSnX+xE/xw/acWu6NTck85TYP7G
+s3U7+7IcEOaA/JJc5XhKEINQKj5qi28wzQzUg+bBoGAkd2PlfJZrLAULdNKBBjwH
+7biMUIZFuPKhIJkgVK45o9gukQZW6azZ6uB0QYRD1usFrmqnERtNSYYv7QR1OuTp
+MjHNdyyPok3vrcaYORg5bFmbPeyy/LPvyzHnv9eKR/ykj9Y7nCjBRq2sEa30bwzU
+LFsEYmhrZs2Ja2YA9NjUWE6DOZdLrOjQDLHObGxVnLgzRrnwVqq33RJxCHGhcV7A
+DjhVSH1qRs0OD/LhRpJIO/n7z/xPAH/T2/UhVpiuPQoHIfVWEgfUaZjl9jOBMhXm
+iXJAA4RQLSH35cj8OntuEegE4ZdW1zTqmGmh3VjWf7hKv8FhpdQTCctVlTCDzOs7
+fWEVmupmgc2xBp6sW6e3ioo4CtPDoT+S23ve56gb7QV6UfMuZPeyFkFNgVCDwRBM
+aVXd3WLey3c3D+j4cI+kbtwY8340grA8KALrh2VNbRDFh45vn2c3TAzcfIP2g+Bu
+byNuWZ24IqIyhx1ottLo9KvtPM7S4vcNAuVtiVon3WLeRQlR3UZ316yenJy49NUJ
+Q6PsMWHks5fqE9nVWU/AdflWYOJnX3ooi8EK3UD7sQC/21UyF/UFZdGd
+-----END CERTIFICATE-----
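Review bot: The signature AlgorithmIdentifier on the first line of this CA certificate (`DQYJKoZIhvcNAQEFBQA`, which decodes to OID 1.2.840.113549.1.1.5, sha1WithRSAEncryption) shows the chain is SHA-1 signed, and the same bytes appear on the first line of `certs/ClientCert.pem` and `certs/vpnHostCert.pem`. SHA-1 certificate signatures are deprecated for validation, so the CA and both leaves should be re-issued with sha256WithRSAEncryption — which fits with the key rotation that the committed private keys already require. The validity fields also deserve a note in the README: the CA decodes to 2016-02-29 through 2026-02-26, while both leaf certificates decode to a notAfter of 2018-02-28, so the leaves need a renewal schedule.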
diff --git a/strongswan/server/ipsec.d/certs/ClientCert.pem b/strongswan/server/ipsec.d/certs/ClientCert.pem
new file mode 100644
index 0000000..9a878a7
--- /dev/null
+++ b/strongswan/server/ipsec.d/certs/ClientCert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEMTCCAhmgAwIBAgIIPumjqfUrjEIwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE
+BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD
+QTAeFw0xNjAyMjkxNjIyMjlaFw0xODAyMjgxNjIyMjlaMDgxCzAJBgNVBAYTAkVT
+MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDFA5wc2FAc2VjdXJlZC5ldTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALUgqBMyLno3i4cBqByZJCpcZVsr
+dvn9fSu2KsImPcl8Nh7m6fymspzyyV+G6ZwDCKL+HA7rzpC+SBf6I0/cj03FhCmo
+eSxBCLn7ZICvb5OLCmXuOdrP5j7TMyH5fEGMOWoAQKL4OZlvDqWQO4FhSiGvY24m
+e+cb81tkTRb34FxhzqA6fB/vVpusM7WygGhAI7AkA4UdmFG2cOa0UN+0d9XXUr7z
+l8DZYxqvVd0UPCxN7Z4vs5+19ge9UMs9TEz1jmTLBtNfVdOKqflQf8PObWBkG2EC
+ddWLQ57IrJeNaD4+t1VsXk+H45n/Zl0BIOgiWF9lW3qtEfZkqaMIvr7prt8CAwEA
+AaM+MDwwHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw
+EIEOcHNhQHNlY3VyZWQuZXUwDQYJKoZIhvcNAQEFBQADggIBALXhl4J3IvoMLuWT
+X8ofgyg0M0D+Je0y/P1yjajQ6jTmszlH9E2j7vPCus598CCxDHn0URR60kaB6W0F
+i4pSqsBo2ctW+8rZpyAhL/Uo3VwZCkSKSFTC5YeJR9zopPxZemQGqxbnD7pKWfTX
+r+CMiA1IkoDUoLOh25MaHTn9OWeSouQJH41S1zuq+W7rpZPrABRrMNUqID32eQhK
+rPtyTS96TIJTbng02PTk+0FLQLyVrDh4mVR8ZALzyBnAmZGsaIGGKw2ff7P+DgZZ
+UlyXM+1F4HRCsGINoDTMkDUZkLUP2gZQfV/bysK3zvZy1UrFjQRbk/76SIwyE4+K
+zdf32UcUpwoCy6FAAHSlUbiDVFX9VA70R1ibGnXSiy45CsYOvNGp6rX+zkE1hfva
+6gFLiyCXt1ns8/GIw51RzGeCOYqzX0Xo4m6H2frfMBOGnJ3Mq6yaT5q/JUf95f31
+qXSgkmdV0NxYQugrFWAA3+mAtmCUj7qh5zejDDtbV6RGApEAr9w+MARbXd69UDRD
+GHTpZLcfTti/czqUOfcUFcYxO6+2qxQXdloTOv0mIppoQ8Waawk7lNpT7cWqxUnU
+isZCAEq6CvZ6VPiYoRPeYwrPfOl+/B5Mx6N0Grt5HNFSwzyBnXy8gq0hO873Hy4z
+eG898qPQSAlOHnHeiGzPn104HHSh
+-----END CERTIFICATE-----
diff --git a/strongswan/server/ipsec.d/certs/vpnHostCert.pem b/strongswan/server/ipsec.d/certs/vpnHostCert.pem
new file mode 100644
index 0000000..ebe9d7b
--- /dev/null
+++ b/strongswan/server/ipsec.d/certs/vpnHostCert.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUDCCAjigAwIBAgIILdCBejeojQcwDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UE
+BhMCRVMxEDAOBgNVBAoTB1NlY3VyZWQxGDAWBgNVBAMTD1NlY3VyZWQgUm9vdCBD
+QTAeFw0xNjAyMjkxNzIwNTVaFw0xODAyMjgxNzIwNTVaMDgxCzAJBgNVBAYTAkVT
+MRAwDgYDVQQKEwdTZWN1cmVkMRcwFQYDVQQDEw52cG4uc2VjdXJlZC5ldTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzmpbOKgqqq7ahSVDybx7PGNEdL
+ltVQXTFZbMKqr3tEmOqdU+42PRbO02PtVxx+a+hIqIFcBMMK9meuMtFM+es2GdKN
+k5UC/sPDTBxDAD3o3s2MQh5gLrHaEIgSYJSoy0jsuY2mfwLDQNsskvV/hcTROi6s
+outxEYT/oUWrsXSt+hOO/J+Eh21ItHlPyNQXVBYalxWN+esTVNL/7PfFwSWQT6AG
+bTJJ6W+mpX5pdEnl9dbJrduTpMRCRxN7t1UGf7WyZbY+1ZgLfjrcxdtEcJpH1Fsw
+r6W+aCYKO/6e86f7orYsRAkf5+hZvtxt33hB8YCq3rN0cLuWeOlrM9Cn/YECAwEA
+AaNdMFswHwYDVR0jBBgwFoAUMPENpHawLXFavG47snr+cfvNR5QwGQYDVR0RBBIw
+EIIOdnBuLnNlY3VyZWQuZXUwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFCAIC
+MA0GCSqGSIb3DQEBBQUAA4ICAQAI4vR/sjwFVocDqjf64DvXVsVmo+5iinc9dU96
+l/YCheC8ZXGyMbeuzTZ2b3xkYFQXGFJ1qcFse0VBGec4aj1d79vw7mIixcbsVSRZ
+jHqSY6LaqGWnmguDUmYViG+qoKJAh6N3802kDJw9/ovv22B2WssktLMbYvx0no7c
+wt8dmlK2OCyEAUN6SzlItwYSdPtI5MjpTvDAKYGHP5NfEsPh1zrOr3Ll+wEzLfzg
+MvZRiBJIjsCe9YBOalndi9HTm6dTvTtPVT6ZJX9tPdXfeyQ2sqXqU6UF819LDnnp
+/b5+dADiAGbj3+Kj0c3rjc/dS15WHp1qJoTPUpxngcJDqELAFaNB1H2tCg9a9BwM
+9ke8YX8wV+DBMzlLGfPT2ijfJrlcuc/AszgnH7Y0npKAFFVMLOR8wfh5gaBduB9I
+rYEPrN3mn+El/AFYOKohKNXY9BJ+W3ZruNFZMYmxbCdmzPhFt4AYgumFkBNFI3XV
+tsTxARLhmwfeuwaqbq5bBfkFAfRO0RGlsfz1HeYPeyIlGoBu+VzeDEKPXqpJQ02b
+s8hwgNhawqjwN6lba1T5XJnKxgXcY1Duf9ohQZ94wLcP8fvKO9OqOuyww5lF88LP
+4DytW81hUAmoJug0nwmdUmLB5Pv1J8AgXW7OtpBauQaeeByckWSvh685DFSYa48l
+IyFUKQ==
+-----END CERTIFICATE-----
diff --git a/strongswan/server/ipsec.d/client.conf b/strongswan/server/ipsec.d/client.conf
new file mode 100644
index 0000000..e7f5331
--- /dev/null
+++ b/strongswan/server/ipsec.d/client.conf
@@ -0,0 +1,30 @@
+
+config setup
+ charondebug="cfg 2, dmn 2, ike 2, net 2"
+
+conn %default
+ auto=add
+
+ # key and renewal settings
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ keyexchange=ikev2
+
+ # various keepalive settings
+ dpdaction=clear
+ dpddelay=300s
+
+conn remote
+ auto=start # starts on boot. Change to "add" to manually connect
+
+ # local config
+ leftcert=ClientCert.pem
+ leftfirewall=yes
+ leftsourceip=10.31.0.1 # change this as needed. you might even not need this line
+
+ # remote server
+ rightcert=vpnHostCert.pem
+ right=147.83.42.191/24 # THE IP OF YOUR SERVER
+ rightsubnet=10.1.0.0/8 # SAME AS SERVER CONFIG
diff --git a/strongswan/server/ipsec.d/private/ClientKey.pem b/strongswan/server/ipsec.d/private/ClientKey.pem
new file mode 100644
index 0000000..a2ad836
--- /dev/null
+++ b/strongswan/server/ipsec.d/private/ClientKey.pem
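Review bot: `right=147.83.42.191/24` gives the peer address a prefix length, but `right` names a single host (address or DNS name), so the `/24` may fail to parse or be misread; it should be `right=147.83.42.191`, matching `left=` in the server config above. `rightsubnet=10.1.0.0/8` is annotated "SAME AS SERVER CONFIG", yet the server's `leftsubnet` is `0.0.0.0/0` and `10.1.0.0/8` has host bits set (the /8 network is 10.0.0.0); the client's `rightsubnet` should mirror the server's `leftsubnet`. `leftsourceip=10.31.0.1` asks for a fixed virtual IP outside the server pool `172.16.23.0/24`, so presumably the responder overrides or refuses it — confirm which, and use `leftsourceip=%config` if the pool address is what is wanted. `charondebug="cfg 2, dmn 2, ike 2, net 2"` is verbose for a shipped client profile and belongs in a debugging variant of the file.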
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAtSCoEzIuejeLhwGoHJkkKlxlWyt2+f19K7YqwiY9yXw2Hubp
+/KaynPLJX4bpnAMIov4cDuvOkL5IF/ojT9yPTcWEKah5LEEIuftkgK9vk4sKZe45
+2s/mPtMzIfl8QYw5agBAovg5mW8OpZA7gWFKIa9jbiZ75xvzW2RNFvfgXGHOoDp8
+H+9Wm6wztbKAaEAjsCQDhR2YUbZw5rRQ37R31ddSvvOXwNljGq9V3RQ8LE3tni+z
+n7X2B71Qyz1MTPWOZMsG019V04qp+VB/w85tYGQbYQJ11YtDnsisl41oPj63VWxe
+T4fjmf9mXQEg6CJYX2Vbeq0R9mSpowi+vumu3wIDAQABAoIBAHRaih3qupigXe1Y
+Txov9l+QAzxR65gkEuilmUonLsHkHRA03lMC8vKHtHy9OgySllW+T1/2czfgRIfC
+lDSVRyl6nK/2HgEjtetjZuiTymVJiGB6bIf3zbzGB67nib7ByZAioWMPelDqWspY
+oSE30ltZQ9JavnV0Kxymji8XBPXSejT7hRRp3/eSGaXFxI0YOk4SDcEwnr1gA+bb
+BpFIfFhvB80uMBk+iwHrY7fLoznXww7oZX4U9jGAixfYd6K7jtzR4Vj0toMkX1ww
+FB2Hn1xlHNPjg2ldVom3p0MaWwJJ8DLaxWv7at4HO+kpwI9vDIgu41fBTps5d6L8
+O4dGGCECgYEA189T+qrb6fRyNEOkeZWf4GeUcgrxXwqOovAB9D7p2RHoSJ1h1cYa
+VWgIohHC/J1uWiiKUgeLhBAl3pcG9wMWUKC4am4K4/yCvCjOOoZX5Zdw6+HVnHFv
+PAk1fd4i9mkEzJxVtXJxu80LfKc2hH4Geq8Xs4EE3q+S58ATxb90H5UCgYEA1tvc
+Dv5WT3sqOqYJZCIC/mL5NEzeai3wqA0II/pUkhAqe9DUP8gdLqDheyzVFclT6Frk
+3Kdmw8Akilq34X3Of1BvuwzIDio/MzRoMb9fu/tq2PMGFR+DkspwnQ+nzIFayVjS
+/cI0WOyiB6ADIJQkNX/hM92C5hJzj6geywGKh6MCgYBHFAkTyUxvDMzEe/bi+K3U
+iijxOrtu0xpRff0WxdXdYbGAoR1E/F9V+9LEFleDPhLHbQzJoaSI1YyzeEiZ+JFT
+8utqWl4J4vPoJwRtcCvo+Wz+s73YLeA2BM5ya0RWphYnkeIExfHBqfH7l1M0ZhGa
+PKrwuzCwa2FWJQQeIEWN1QKBgCvw3OloFIi+vJ0v9b23wvr5jNOoYNhAOvZza9XH
+zWHt0nJt++prZ6RwnIyPV6jT+sgLRsDlr3ubIR32faKtEv0wmxka/RMAitpS/ngm
+FlMgkPJ7iSPqxQLRSgSk/gEx9zo0YzoobII/Ksf6bolMIreaRplP1QRug5m+nUWR
+NB6XAoGAALSMJlqZq9UqIu22/vwIhP2PcZPjrFif+QkdU6f3cyJZ4mzPr7rQjCJP
+fADhA5McGkTjh4kBTN7Bb0PTnxrUDYpAeWgkgwozZEKAp92g8UUtWkjK2KyIwQ9f
+n+xD50NWlsgf/EGVPzh1RFGD/fl6Yfc6tCYK+wWctSLDbWtxgzc=
+-----END RSA PRIVATE KEY-----
diff --git a/strongswan/server/ipsec.d/private/strongswanKey.pem b/strongswan/server/ipsec.d/private/strongswanKey.pem
new file mode 100644
index 0000000..d830ddc
--- /dev/null
+++ b/strongswan/server/ipsec.d/private/strongswanKey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAydfJ9YOAmjuFJjUAQr1QNIWY7MmNiNTy4YJ0EuLVLus02/Aq
+i9qja/5T4fz7gzIQg58gHUrzvkawUQWyCqw3rdRHuu+JUJ64XDdG/vMELt8QU8IT
+KYPIgD3biXQ4Xcwxq3NLCnlLydkZ40JsqjRk7wns5exf8W9VCioNbmRk6K6ncWIN
+Pb/+q4Odf73dcZ4wGjCOWguM0m5oQzIDaMKzXVbVv6gu10PpoETag3X/2nOt756T
+WyrfBoT4xFaP6SVEoDU4acgaG+Q020oBQz18VI1MkEDMAeDVuAnMaoc6GHa4WVy/
+wQIu4v2y5Yl+YrzsykBxG5n58B8CMjt/fzqBBxTZxEAt2Iw8pxX3csfS7YcXmjBW
+FxZlP4lrS+6jH2W+iHoldb5F3IQvDv+GmM0qgbJB11w8KI5cTFmCn2/XCUn4jkm2
+mi769RqH9q40EgxIiYXb8p0xP0H9cApkA5ywX8GTr3fJjHaYvYNAaoNyRffxrr3m
+0SSvAii3EDOsL591vGK8aBQw5B/Z4vni00Y2XGs19VLgy+pZ1p9mczvzQ+eFUgcB
+P4TzHFet4kmFnDST/0OvU9qVwa04oEgYZcGl7s0SBf+2JqzsKmoO3fZQN5no/o7G
+soANy/39QqSPR1o4GQ9ektg/N6lo3EeulKjQ8/JhXwz3SzkETmYubvji0x0CAwEA
+AQKCAgEAxOmAXcSs8cqfW2bZmkKWvKaZSmhXa+ZUDSz3kHU7BUrxhqAG4emrBPBZ
+ZV8pABUXh1D2Q52brUXJPUIRL9hTeYJfeD+39q7hrRVAbfknW5LCmvP7PcUTFglC
+5BY950QOMPWJf+5VwdXLK6rh2CrFTW6hbq3r695xWDkuYUQQLfA16qd9w4BLM4hz
+Xuwb3Xw18VbtiWs7Nw//J47jRJCt66GLZi7tg5T9lx2VECtOMBAq4FoT6B0q93FC
+QEkynIF/Mcy5/Hj6/7ri1gycrryNTu+KgjC01iBCYAkvI75JLxSjRIr3h5RZqZlX
+rhc09Z7aY3X64rKU421c9ySUfcrVlBV4OXLvaGHf9dFI2DAKMQh9OlQkWQyyhO39
+UoLtINH//qh+c01c2awSgbJABgFyA9eWXay6/PZkQ+irz5bDwjD7YuhIzjzt+Ifu
+Rqh9LL+UCzhrzvvsYKCulnCTp6AoV2z1HYmP+rbaLxLx2lvcRbN66ygHutT7b91R
+ACUQoQaXrNraybOKM/I6WqyWFs9QRrk2T3+DRMm11MNTIOMTpHCkXyRyMQeFY4AP
+R4fJaTv7P0BLVxlPicgtx0jlnvuxVfUoMzOHYxVwlGfanI8GfORKo9WDErHfoAL7
+/10jKWqu9u0xrj/fs51rPxxWRyTh5bpC+ya8RWijlj0/BGUyCQECggEBAPoJA63X
+qm6iKmgSh7gDnoBoFYlkUYT5574FoMdLI5saTl5gwu0Oeifn1nB5aKu25EYKi9KQ
+AtxIYbe5UZdvseyOiGdBZMWDpavTgsTSaQCbnDmi14EF2ObCy9dWpPGcGalwSLPt
+qfKU7dZ8Q9pYWvAiPzRDXEqo5xgQlc2PKoEufuQEmLIJmq4tDQa2timJZa6MtNIJ
+BGtdGbX4a5c6eNpNUWkxjh9w9eYr6nS4D9MRwMJ8cP5UU95S3eCuPYBh0ThOVtfZ
+hGCoRPN+GYsl/aNejvoUwT7i16hmXfWyBr+P6x3R04WK06sonvUElcG9/kgUMUy3
+Uka7AYtKF2De5f8CggEBAM6oddQH6aBCwKVxb9S7s2ddgUBRr9icutXlBqLcUy2u
+aRj2C29DBAW+MmO8wSpz2Zq/7DKz7JvoHpmmvZAP26Nhvj8MLnhYFtcaIMsgvhJV
+wa8shQqBpNSiNFjPQkXLRkPoa6OlB2Oklprz47kG0hxO7btnm/GjbXr+QYy9qxRQ
+Qmr0pxgEBYzov3/rAtL5PWz6Ma5hoL/XdXGZMTI4oovGKVNtdfhhsIsvre/l8+MH
+Qp9lBMuzUozRMmzfXOkMb/EGJjQvDtXLzQVeRGFJcSSjAQFyvgwtcgSAE7vLi2Ai
+BdrWLto1VmxRS2L6kwnCtX0Jkce3Ngs8PFK8GnW3HuMCggEBAI6Pyzg4qmVwMwup
+3RZPgfUm43i16UEPmFGhNd3L+t45rotjUmEFiyLrrjntD4AwxJEm/DgvgmIFJyox
+ENNujR0a2607/PAdMr342CvO6K2/C+FU9tkK83QHh2Add+iGn58bdWiZzveQcNeF
+fM6m6BrY+/6ZlarACRuQgUl2Ir8LOrBZ6pJApaA/8ZhtXwnp3D8c3RCQsaNhrwIx
+RW8xmKynvw5ige1tY9c8HO8171fiXGzHtUld3X/68aVk0446t6cKC7wAuti9uKq4
+sGnFXIvko1L1uIVZo6rRyysGuZBJx7314EvZLvz9KTz8w0J3SN/iG4XpVJEdmTDJ
+KvFBxhMCggEAVwcsb7lRUpMp68JEtRLCr4H6H2sHIbKHH/KOA+HDCZbMXZ2oHRfc
+xspdEBF6S3V0Ky4tuwB4YQO0d0J3zAZRmZFc+9IWc8ms/LLdIo3MXY5NvYaDFHSa
+RI12e/v0Tc4X7hsf0U97OCQk5GZW/SF5NECs7uHoEy+euFAArNNnC2vtPHuBLqTq
+7XdKxgTjMJOToaQPbf9hIckLhWZdCGg/U5uE5cRQDOSe406V8lQli/MPxG5XQa1n
+0zN6B81cpCv/rEHJruouViy4T01ugIXcJvCaSNDYZepxfKGvLcO/EyHg01KlcnFJ
+zt3BYJJjf5XGtjxkbvWhxcN9J95dSjtuvwKCAQAq9UyDjOQDNiP1JUvkOPMkTSKy
+EjzMpyUvgPPDv0xir//sv/wEKPc3H/3W2DyZtCIC9jfB9/pTJBvSFzZqXyvp4ugw
+meSWc6ZHJFL06Z7W2OeFcFBpX14E0VG11HOdRmNuZSM0wWBjdJ5ncSMX93Rv5Urt
+vNdEzgBldwWz+6kEh4Qd89MQGO/avntImbvHSmf6H1u6TisvSKNJUJDuYqtc7hy/
+lLZTSdD6LmNHoowTpz3N06XbdBTpFA5a64BgtcToY4IT/wac38EvscUEjLiM2Ct3
+/yZcdZEHxhsflIfY/4VRcE27fplRIzrP10Qmp98hNvDtpauLyqXv3NsKqaBQ
+-----END RSA PRIVATE KEY-----
diff --git a/strongswan/server/ipsec.d/private/vpnHostKey.pem b/strongswan/server/ipsec.d/private/vpnHostKey.pem
new file mode 100644
index 0000000..60376cf
--- /dev/null
+++ b/strongswan/server/ipsec.d/private/vpnHostKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzOals4qCqqrtqFJUPJvHs8Y0R0uW1VBdMVlswqqve0SY6p1T
+7jY9Fs7TY+1XHH5r6EiogVwEwwr2Z64y0Uz56zYZ0o2TlQL+w8NMHEMAPejezYxC
+HmAusdoQiBJglKjLSOy5jaZ/AsNA2yyS9X+FxNE6Lqyi63ERhP+hRauxdK36E478
+n4SHbUi0eU/I1BdUFhqXFY356xNU0v/s98XBJZBPoAZtMknpb6alfml0SeX11smt
+25OkxEJHE3u3VQZ/tbJltj7VmAt+OtzF20RwmkfUWzCvpb5oJgo7/p7zp/uitixE
+CR/n6Fm+3G3feEHxgKres3Rwu5Z46Wsz0Kf9gQIDAQABAoIBAQC6f5kEwSbLtsaY
+NU9s1xG+5MICvp9sSzh3yYA/82HD3h0dNtQE9yNFVj18L7PhQIRxKWkOTTYcXScI
+GbsxXFIBr/1y8uAIenBuuJzXAHkA4KujBW3M/hiiUuxHHgsAZF6bYrRFZO0oE5Y9
+p+WfRFH6YcIGZ6XmjMS4fIBKzMq5elsloziDndpA0MBqktOsP2WqsFSSpSuf33+h
+a36ES9oxkvPv4uMIajajvXG4EMjc2fhT6/IWo9AQgQBJ6xAbEn89DAinsZgJMIsE
+okYBEIYlBGWDBYLimaKVR2Z/yWmp6KCBZ8zNSuA2B6DGfMVxlx824f1rGKihutny
+fYseo4z9AoGBAPY/HorZwtynlow60GyGfKAz8wHMJmyRtsHIPdynHurfope5wnyk
+Pftc+BHS+MUGzXxwBGs+zyD+CabQRaPxIxJWlS5DYf3cbeOPsvM0SqHRL7RLhh18
+XQ6KVPd16YjiRDfePMQz5Mus/lx2S3Sv1rY7HCs/5H/GB8QSQ+EFxoJrAoGBANUE
+SyqrYgQLOph/t2MAhr4fdM48nLy2GDlGPDd21S87hmmPjcO+oqfzxfSmVdPxt+ud
+dAy2FrNiYEtg9ZS+XcEnmclmS7Nxm7k6gcBWol1qXxFhzKWaLMkNu4I5szwo2Pr8
+f7kUHhaPCS3Vp4W2GHFKWa02BRzL6eepE5nK3XLDAoGASBLlb6KZJFhw+g5k3r7m
+T0WlRMtqG7DymvlvEdxgckKOpnYadLzl32KwwRbM9W4uStPGl1VE7tUsIgUnvPph
+V4a8F1RlpBYWm9p9eC3AAmjl25GXaZ3y5sSaZeu/NO91JB0KECtYNj0mHg4Ju9eT
+srbOYeJLkRJ3R25JK92y4o0CgYArk8BIz1yy1RU8o0wB3dayyD6d/jpWRK458Uta
+UV4VVokNyUdIFxSxZSZHAUwnmph0g/Z8rzd/pQ1r/j7fGf6WCCLm151+7SvdPcHT
+diWrFJq0NJyn+B1XWA7W+jTXhse0uLjsRNhO5x4KmV229eSUMJCd5aIwHOsR8D3J
+RX39/wKBgQD0BxwVWqA6707fFOKXknsmzFrcDQpJeBYnjt+cXNhPNGmLtTVhxrBA
+KQsrV5l+OZDoflp11/0sjhvCkRr1wtzKZdOMJeZik36/xKvIdPuZmmM6Q7XYEQBD
+rVAAqBIfyP5gnSDRisVLbfvLVHEQ85zaoQY/BoAbfWoFPq4JYcVTsA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/I_TC_1.py b/tests/I_TC_1.py
new file mode 100644
index 0000000..c7d3639
--- /dev/null
+++ b/tests/I_TC_1.py
@@ -0,0 +1,193 @@ +''' +I_TC_1: Network Edge Device (NED) Functional operation + +1. User authentication and Attestation: + a) Test connection to NED (class test_01) + b) Test logging in with invalid username (class test_01) + c) Test logging in with invalid password (class test_01) + d) Test logging in with valid username and password (class test_01) + e) Test Internet connection (class test_03) +2. Setup of New user (specs from D6.1) + a) Handle new user (class test_02) + b) Retrieve user specific data, e.g. profile (class test_04) + c) Setup new user trusted virtual domain (TVD), which includes his/hers PSC (class test_02) + d) Request user policies (class test_03) + e) Setup and configure user PSAs (class test_02) + +Preconditions to this test set: +- One user terminal is powered on and Selenium server is started +- NED is powered on + +Before tests (setup_module), script opens web browser Firefox on User terminal +After tests (teardown_module), script closes the browser on User terminal + +PSA specific settings: +- in program code, these codelines are hilighted with #PSA SPECIFIC SETTING +- From variable list 'User terminal settings', set appropriate username and password +- Check whole class test_03_connection + +''' + +import NEDtest +import selenium, time +from selenium import webdriver +from selenium.webdriver.common.desired_capabilities import DesiredCapabilities +from nose.plugins.skip import Skip, SkipTest +from nose.tools import with_setup + +#NED settings +login_address = 'http://10.2.2.253:8080/login' +manager_address = 'http://10.2.2.251:8080/psc' +PSAlog_prefix = 'http://10.2.2.251:8080/psa/dump-log-psa-ctrl/' +PSClog_address = 'http://10.2.2.251:8080/psc/dump-log-psc' + +#User terminal settings +user_ip = '192.168.184.129' +user_address = 'http://' + user_ip + ':4444/wd/hub' +username = 'test' #PSA SPECIFIC SETTING +password = 'secuser' #PSA SPECIFIC SETTING +logPath_prefix = '/var/lib/jenkins/logs/builds/I_TC_1/' + +#Variables +driver = 0 
+website_timeout = 60 #seconds +PSXload_time = 0.000 +startTime = 0.000 + + + +def setup_module(module): + #Setup WebDriver + global driver + driver = webdriver.Remote(command_executor=user_address, desired_capabilities=webdriver.DesiredCapabilities.FIREFOX) + driver.set_page_load_timeout(website_timeout) + +def teardown_module(module): + #Write PSA logfile + PSAlog_address = NEDtest.getLogAddress(driver, manager_address, PSAlog_prefix) + if PSAlog_address: + for x in range(len(PSAlog_address)): + NEDtest.writeLog(driver, logPath_prefix + 'PSA' + str(x) + '.log', PSAlog_address[x]) + else: + NEDtest.emptyList('PSAlog_address') + #Write PSC logfile + NEDtest.writeLog(driver, logPath_prefix + 'PSC.log', PSClog_address) + #Write parameters logfile + paraFile = open(logPath_prefix + 'parameters.log', 'w+') + paraFile.write('File created: %s\n' % time.ctime()) + paraFile.write('Test I_TC_1 with username %s\n' % username) + paraFile.write('User terminal IP: %s\n' % user_ip) + paraFile.write('NED login address: %s\n' % login_address) + paraFile.write('PSC manager address: %s\n' % manager_address) + paraFile.write('PSA log address: %s\n' % PSAlog_address) + paraFile.write('PSC log address: %s\n' % PSClog_address) + paraFile.write('Timeout of website connection: %s seconds\n' % website_timeout) + paraFile.write('Loading time from login to "SECURED: OK": %.3f seconds\n' % PSXload_time) + paraFile.close() + #Close WebDrive + driver.close() + driver.quit() + + + +class test_01_login: + #This test set tests logging in with invalid credentials and + #valid credentials. 
No need to modify for PSA testing + + def setup(self): + try: + driver.get(login_address) + except: + assert 0, NEDtest.timeout(login_address) + + def test_01_connectionNED(self): + assert "NED" in driver.title, NEDtest.titleNotfound('NED', driver.title) + + def test_02_noconnectionInternet(self): + timeout = NEDtest.connectionNotloggedin(driver) + assert timeout == 'TRUE', "User had access to Internet before logging in to NED" + + def test_03_invalidUsername(self): + NEDtest.login(driver, 'invalidusername', password, login_address) + assert "Login failed" in driver.find_element_by_id("error-msg").text, "No Login failed -message in element error-msg" + + def test_04_invalidPassword(self): + NEDtest.login(driver, username, 'invalidpassword', login_address) + assert "Login failed" in driver.find_element_by_id("error-msg").text, "No Login failed -message in element error-msg" + + def test_05_successfulLogin(self): + NEDtest.login(driver, username, password, login_address) + assert "Congratulations" in driver.find_element_by_id("login_ok").text, "No Congratulations-message in element login_ok" + +class test_02_checkSECUREDok: + #This test set tests that are PSC and PSA(s) started correctly and + #are they visible in PSC GUI. No need to modify for PSA testing + + def setup(self): + global startTime + driver.get('about:blank') + startTime = time.time() + + def teardown(self): + global PSXload_time + PSXload_time = time.time() - startTime + + def test_01_checkSECUREDok(self): + NEDtest.checkSECUREDok(driver, manager_address) + + +class test_03_connection: + #This test set tests user's connection to Internet and websites. 
+ #This set have to be modified to match PSA policies + + ############################################ + #PSA SPECIFIC SETTINGS (ALMOST WHOLE CLASS)# + ############################################ + + def setup(self): + driver.get('about:blank') + + def test_01_internetConnection(self): + NEDtest.allowedWebpage(driver, 'http://www.secured-fp7.eu') + assert "SECURED" in driver.title, NEDtest.titleNotfound('SECURED', driver.title) + + def test_02_blockedConnectionPolito(self): #PSA SPECIFIC SETTINGS + #With this test case you can check that blocked webpage from PSA is really blocked. + #Copy-paste this function to create new tests cases to different blocked pages. + #See example test_03_allowedConnectionUPC and test_04_allowedConnectionGoogle + website_address = 'http://www.polito.it' + website_title = 'Politecnico di Torino' + timeout = NEDtest.blockedWebpage(driver, website_address, website_title) + assert timeout == 'TRUE', "Connecting to blocked site %s did not timeout. Could be general error in Internet connection." % website_address + + def test_03_allowedConnectionUPC(self): #PSA SPECIFIC SETTINGS + #With this function you can test pages where user has access + #Copy-paste this function to create new tests cases to different blocked pages. + #See example test_03_allowedConnectionUPC and test_04_allowedConnectionGoogle + website_address = 'http://www.upc.edu' + website_title = 'UPC' + NEDtest.allowedWebpage(driver, website_address) + assert website_title in driver.title, NEDtest.titleNotfound(website_title, driver.title) + + def test_04_allowedConnectionGoogle(self): #PSA SPECIFIC SETTINGS + website_address = 'http://www.google.com' + website_title = 'Google' + NEDtest.allowedWebpage(driver, website_address) + assert website_title in driver.title, NEDtest.titleNotfound(website_title, driver.title) + +class test_04_userData: + #This test set checks user's data from PSC GUI. 
Right now, it only + #checks that user's IP is in correct form + + def test_01_checkuserIP(self): + userIP = NEDtest.getUserIPfromPSC(driver, manager_address) + assert "10.2.2." in userIP, "Could not retrieve user IP from PSC" + +class test_05_logout: + #This test is the last test of this set. It logs user out and also + #works as a teardown for whole test set. + + def test_01_logout(self): + #First have to go through login-screen to get to the logout-page + NEDtest.login(driver, username, password, login_address) + NEDtest.logout(driver) diff --git a/tests/NEDtest.py b/tests/NEDtest.py new file mode 100644 index 0000000..26a2532 --- /dev/null +++ b/tests/NEDtest.py 
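Review bot: `password = 'secuser'` puts a NED account credential into a script that the README tells every tester to edit and commit, and `teardown_module` then writes `username` into `parameters.log` next to the addresses; read it from the environment instead, e.g. `password = os.environ.get('NED_PASSWORD', '')` (variable name is a constructed example; needs `import os` at the top), and keep the log to non-secret values. In `teardown_module`, `paraFile = open(logPath_prefix + 'parameters.log', 'w+')` is never closed if a write raises, and `driver.close()`/`driver.quit()` are then skipped, leaving the remote Selenium session open — use `with open(...) as paraFile:` for the writes and put the whole log-writing part in a `try`/`finally` whose `finally` calls `driver.quit()`. `test_01_login.setup` uses a bare `except:` with `assert 0, ...` as its failure path; `except Exception:` keeps `KeyboardInterrupt` working, and `raise AssertionError(...)` survives `python -O`, where `assert` is stripped.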
@@ -0,0 +1,187 @@ +''' +This library contains functions to execute NED test scripts +''' + +import time +import selenium, re +from selenium import webdriver + +#################################### +#TEST CONNECTION AND LOGGING IN/OUT# +#################################### + +def login(driver, username, password, login_address): + try: + driver.get(login_address) + except: + print "In webpage title: %s" % driver.title + assert 0, timeout(login_address) + driver.find_element_by_id("input-username").clear() + driver.find_element_by_id("input-username").send_keys(username) + driver.find_element_by_id("input-password").clear() + driver.find_element_by_id("input-password").send_keys(password) + driver.find_element_by_id("submit").click() + +def logout(driver): + try: + driver.find_element_by_id("logout").click() + except: + assert 0, 'Could not found element \"logout\" from %s' % login_address + assert driver.find_element_by_id("login-form"), "Could not found login-form" + +def allowedWebpage(driver, webpage): + try: + driver.get(webpage) + except: + print "In webpage title: %s" % driver.title + assert 0, timeout(webpage) + +def blockedWebpage(driver, webpage, title): + timeout = 'FALSE' + try: + driver.get(webpage) + except: + timeout = 'TRUE' + print 'Website title: %s' % driver.title + print 'Expected website title: %s' % title + print 'Timeout occured: %s' % timeout + if 'Problem loading page' in driver.title: + timeout = 'TRUE' + elif title in driver.title: + assert 0, notBlocked(webpage) + elif timeout == 'FALSE': + assert 0, problemLoading(driver.title, webpage) + return timeout + +def connectionNotloggedin(driver): + webpage = 'http://www.secured-fp7.eu' + title = 'SECURED' + noConnection = 'FALSE' + try: + driver.get(webpage) + except: + noConnection = 'TRUE' + if 'Problem loading page' in driver.title: + noConnection = 'TRUE' + elif title in driver.title: + assert 0, 'User had access to SECURED website before logging in to NED' + elif noConnection == 'FALSE': + 
assert 0, problemLoading(driver.title, webpage) + return noConnection + +def getUserIPfromPSC(driver, manager_address): + userIP = '' + + try: + driver.get(manager_address) + except: + print "In webpage title: %s" % driver.title + assert 0, timeout(manager_address) + try: + userIP = driver.find_element_by_id("user-ip").text + except: + print "In webpage title: %s" % driver.title + assert 0, 'Could not found element \"user-ip\" from %s' % manager_address + print "User\'s IP is: %s" % userIP + return userIP + +def checkSECUREDok(driver, manager_address): + manager_counter = 0 + time_counter = 0 + counter_timeout = 60 + interval = 5 + status_text = '' + start_time = 0.000 + + start_time = time.time() + while True: + try: + driver.get(manager_address) + if manager_counter >= counter_timeout: + print "Try: In webpage title: %s" % driver.title + assert 0, timeout(manager_address) + if driver.title != 'Problem loading page': + break + else: + time.sleep(interval) + manager_counter += interval + except: + if manager_counter >= counter_timeout: + print "Except: In webpage title: %s" % driver.title + assert 0, timeout(manager_address) + time.sleep(interval) + manager_counter += interval + while True: + try: + status_text = driver.find_element_by_id("status").text + except: + if time_counter >= counter_timeout: + assert 0, 'Could not found status text. 
Status text: %s' % (status_text) + time.sleep(interval) + time_counter += interval + + if 'wait' in status_text: + if time_counter >= counter_timeout: + assert 0, 'It took over %d seconds to load PSA(s)\n %s' % (counter_timeout, status_text) + time.sleep(interval) + time_counter += interval + elif 'OK' in status_text: + print 'It took %.3f seconds to load PSA(s)' % (time.time() - start_time) + break + elif 'Error' in status_text: + print driver.find_element_by_id('page').text + assert 0, 'Text error in status text' + +######### +#LOGGING# +######### + +def getLogAddress(driver, manager_address, log_address): + ip = [] + ip_list = [] + try: + driver.get(manager_address) + except: + print "In webpage title: %s" % driver.title + timeout(manager_address) + try: + ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', driver.find_element_by_id("psa-list-online").text) + except: + print "Not able to found IP number from element psa-list-online" + print "In webpage title: %s" % driver.title + for x in ip: + ip_list.append(log_address + x) + return ip_list + +def writeLog(driver, logPath, logAddress): + logFile = open(logPath, 'w+') + try: + driver.get(logAddress) + except: + print "In webpage title: %s" % driver.title + timeout(logAddress) + try: + logFile.write(driver.find_element_by_xpath('/html/body/pre').text + '\n') + except: + print "Not able to write dump log file from %s to %s" % (logAddress, logPath) + logFile.close() + + +################ +#ERROR HANDLING# +################ + +def timeout(url): + print "Could not load page %s. Connection timed out." % url + +def notBlocked(url): + print "User had access to blocked page %s." % url + +def problemLoading(title, webpage): + print '\"%s\" reported in %s title. Connection should timeout.' % (title, webpage) + +def emptyList(listname): + print "IP address list %s is empty." % listname + +def titleNotfound(expected, found): + print 'Text \"%s\" not found in webpage title. Found \"%s\" instead' % (expected, found) 
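Review bot: `logout()` formats its failure message with `login_address`, which is not defined in this module; the `%` is evaluated only after the click has already failed, so the real error is replaced by a `NameError`. Either pass the address in as a parameter or drop it from the message: `assert 0, 'Could not found element \"logout\"'`. The helpers under ERROR HANDLING (`timeout`, `notBlocked`, `problemLoading`, `emptyList`, `titleNotfound`) print and return `None`, so every `assert 0, timeout(url)` in this file fails with an empty message in the test report; have them `return` the formatted string (printing it as well if console output is wanted). `blockedWebpage` and `connectionNotloggedin` return the strings `'TRUE'`/`'FALSE'` that callers then compare against; plain booleans would be the idiomatic choice, and the bare `except:` clauses throughout should be `except Exception:` so `KeyboardInterrupt` is not swallowed.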
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..d454c6b
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,11 @@
+# Tests to be executed in Jenkins.
+In this folder, there is a test set for PSA testing. Only these two files are needed to execute quick smoketest for PSA. For PSA specific tests some modifications have to be done to test scripts.
+
+## Needed modifications for PSA testing
+Modifications are needed to I_TC_1.py file. DO NOT MODIFY NEDtest.py. These modifications are also explained in I_TC_1.py comments. The specific lines or functions that need modification are hilighted with comment #PSA SPECIFIC SETTING
+
+### Variables: username and password
+Change correct username and password from the beginning of the code in variable list under title 'User terminal settings'
+
+### class test_03_connection
+This test class tests connectivity to the Internet and some websites. This class have to be modified according to PSA's policies. Right now there are functions to test that has user access to blocked or allowed website. See I_TC_1.py for detailed instructions.
\ No newline at end of file