# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# Layout: a "config setup" section with daemon-wide settings, a
# "conn %default" section with values shared by later conns, and one "conn"
# section per tunnel. Section headers start in column 0; every parameter
# line inside a section is indented.
#
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    # Here the virtual interface ipsec0 is bound to the physical interface
    # eth0, so eth0 must be the interface that faces the remote gateway.
    interfaces=ipsec0=eth0
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # NOTE(review): keep both at "none" outside troubleshooting; check what
    # your version writes to the logs before enabling debug on a live gateway.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    # %search makes Pluto load/start only the conns whose auto= value asks for it.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
    # 0 means keep retrying the key negotiation indefinitely.
    keyingtries=0
    # "no" leaves the tunnel-exit check enabled: packets emerging from a
    # tunnel must carry plausible addresses. Do not switch this off without
    # a specific reason.
    disablearrivalcheck=no
    # Authenticate the gateways with RSA signatures rather than a shared secret.
    authby=rsasig
    # Commented out: fetch the peers' RSA public keys from DNS on demand
    # instead of listing them in each conn.
    #leftrsasigkey=%dnsondemand
    #rightrsasigkey=%dnsondemand

# connection description for opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
# The whole conn is disabled; the inner "#" lines are options that stay off
# even after the outer comment markers are removed.
#conn me-to-anyone
#    left=%defaultroute
#    right=%opportunistic
#    keylife=1h
#    rekey=no
#    # For initiator-only OE, uncomment the leftid line below
#    # after putting your key in your forward map.
#    #leftid=@myhostname.example.com
#    # Uncomment the next line to enable this conn.
#    #auto=route

# sample VPN connection
# The addresses and keys below are sample values; replace them with those of
# your own gateways before use.
conn vpn1-vpn2
    # Left security gateway, subnet behind it, next hop toward right.
    left=147.228.67.201
    leftsubnet=192.168.1.0/24
    #leftnexthop=10.22.33.44
    # Right security gateway, subnet behind it, next hop toward left.
    right=147.228.67.202
    rightsubnet=192.168.2.0/24
    #rightnexthop=10.101.102.103
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    # While auto= stays commented out, plutoload=%search / plutostart=%search
    # above will not pick this conn up at startup.
    #auto=add
    # RSA public keys of the two gateways ("0s" marks base64 encoding). The
    # values here are truncated placeholders and must be replaced with each
    # gateway's full public key. Only public keys belong in this file; the
    # matching private keys are kept in Pluto's secrets file.
    leftrsasigkey=0sAQ...
    rightrsasigkey=0sAQ...