# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
# basic configuration
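config setup
    # Parameter lines are indented: in ipsec.conf a line that starts in
    # column 0 begins a new section, so unindented parameters are not
    # attached to "config setup".
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    # Here the virtual interface ipsec0 is bound explicitly to eth0.
    interfaces=ipsec0=eth0
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # Keep both at "none" outside troubleshooting; debug output is
    # voluminous and exposes negotiation detail in the system logs.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    # With %search, only conns whose auto= value asks for it are loaded or
    # started at boot; a conn without auto= is left alone.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes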
# defaults for subsequent connection descriptions
# (these defaults will soon go away)
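conn %default
    # Parameter lines are indented so the parser attaches them to this
    # section; these values apply to every conn that does not override them.
    # 0 means never give up: keep retrying the key negotiation indefinitely.
    keyingtries=0
    # "no" leaves the KLIPS tunnel-exit check (plausible addresses on
    # packets emerging from a tunnel) enabled.
    disablearrivalcheck=no
    # Authenticate the gateways with RSA signatures rather than a shared secret.
    authby=rsasig
    # If uncommented, public keys are fetched from DNS when needed, which
    # makes peer authentication depend on the integrity of those DNS answers.
    #leftrsasigkey=%dnsondemand
    #rightrsasigkey=%dnsondemand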
# connection description for opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
#conn me-to-anyone
# left=%defaultroute
# right=%opportunistic
# keylife=1h
# rekey=no
# for initiator-only OE, also uncomment the leftid line below,
# after putting your key in your forward map
#leftid=@myhostname.example.com
# uncomment this next line to enable it
#auto=route
# sample VPN connection
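conn vpn1-vpn2
    # Parameter lines are indented so the parser attaches them to this conn.
    # Left security gateway, subnet behind it, next hop toward right.
    left=147.228.67.201
    leftsubnet=192.168.1.0/24
    #leftnexthop=10.22.33.44
    # Right security gateway, subnet behind it, next hop toward left.
    right=147.228.67.202
    rightsubnet=192.168.2.0/24
    #rightnexthop=10.101.102.103
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    # While no auto= line is active, this conn is neither loaded nor started
    # at boot, because plutoload/plutostart are set to %search.
    #auto=add
    # RSA public keys of the left and right gateways. "0sAQ..." is a
    # truncated placeholder: paste each gateway's complete 0s-prefixed
    # base64 public key, and confirm each key with the peer's administrator
    # over a trusted channel before relying on it.
    # Only public keys belong here; private keys stay in /etc/ipsec.secrets.
    leftrsasigkey=0sAQ...
    rightrsasigkey=0sAQ...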