# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# Further and more varied sample configurations are in FreeS/WAN's
# doc/examples file and in the HTML documentation.
#
# Layout: a section starts at column 0 ("config setup", "conn NAME") and its
# parameters follow on indented lines. Comments inside a section are indented
# as well, and blank lines are kept between sections only.

# Basic configuration.
config setup
    # Binds the virtual IPsec interface to a physical one. This must match the
    # host, or almost nothing will work; %defaultroute suits most simple cases.
    #interfaces="ipsec0=eth0"
    interfaces="ipsec0=eth0"
    # Debug logging: "none" for (almost) nothing, "all" for a lot.
    klipsdebug=none
    plutodebug=none
    # Let each conn's auto= parameter decide what is loaded and started.
    plutoload=%search
    plutostart=%search
    # Drop an old connection when a new one with the same ID appears.
    uniqueids=yes

# Defaults inherited by every connection description below.
conn %default
    # Persistence in (re)keying negotiations; 0 means very persistent.
    keyingtries=0
    # RSA signature authentication. The two public keys are written inline
    # here rather than fetched from DNS. The matching private keys are not
    # part of this file; they belong in ipsec.secrets.
    # NOTE(review): these keys sit in %default, so conn A and conn TEST inherit
    # the same right-hand key although they name different right gateways.
    # Confirm that both peers really present this key.
    authby=rsasig
    leftrsasigkey=0sAQNsFiwynyMo0qIK3ukcZcstMrn/SnXQEntDu8vrBA93suaFD9Kx4VkDce4SxmT54yWRlISv2rM9OjKp0/afwozS0KnucJ3tfkS4ouBls7VGoZTgMtOprBB/PHLKMyVvC9nQdX41RJbt0xS0BnpZqFsAUQxAosr3ggFwosL0eHL0/gP/SfYm7xr7ohAAptVTZp1dbHu5auM9xfJJMZxJhGyXjtDQCcZxtndcb+7MOTLnUd6zOV3R6tk6fH3AT7udrNjEtutP9cM4PZYmHtfGSaxt0CudII+7LXTMyxjWFlrSMvluxPDearBv16Taqofy8fmeKPz+Tk6wKUoK1zzr7uUb
    rightrsasigkey=0sAQNhUD8CTfksezfC8s7IdulnAThsou1ZQ7/Ec+6XkHfnXW+5UyMnyDzCS68c9TPWKDW9vraVg8N830khNF/L/GLkC9kgalWNkqqPEBh+9WYg90+r8M/DnNbIEo6RTBiuMErd5FB/7sj9MCZg6AaoCHs/iGObk3rerEVRHc8QpguQhsoVOPDUaaYlqwFH7g7Hiz9gEA80Q5fyBYdRGaYYnLpiTVP8G8D/wzE40oFe96h6tMIXD4byq/CZ37NbcXbFRKH6yzfanZW2uGD2IA7yH+9Sva6XqP/PZe1VQ9zwk0/dmBciagN78VXhPnxbg6SsddYd7fD7q6omIU7vVq5Iedzl

# Connection description for (experimental!) opportunistic encryption.
# Requires a KEY record in your DNS reverse map; see doc/opportunism.howto.
conn me-to-anyone
    left=%defaultroute
    right=%opportunistic
    # Disabled as shipped: uncomment to accept incoming negotiations, or
    # change to auto=route for outgoing ones.
    # NOTE(review): if enabled, this conn inherits the fixed rightrsasigkey
    # from %default; an opportunistic peer is not known in advance, so the key
    # presumably has to come from DNS (rightrsasigkey=%dns). Confirm first.
    #auto=add

# Sample VPN connection.
conn A
    # Left security gateway, the subnet behind it, next hop toward right.
    # Earlier or alternative addressing is kept commented out for reference.
    #left=128.9.160.185
    #leftsubnet=128.9.160.0/24
    #left=128.9.168.46
    #leftsubnet=128.9.168.0/24
    left=10.0.0.1
    leftsubnet=128.9.168.0/24
    #leftsubnet=172.16.0.0/24
    #leftnexthop=10.22.33.44
    # Right security gateway, the subnet behind it, next hop toward left.
    #right=128.9.160.42
    #rightsubnet=128.9.160.0/24
    #right=128.9.168.21
    #rightsubnet=128.9.168.0/24
    right=10.0.0.2
    rightsubnet=192.168.0.0/24
    #rightnexthop=10.101.102.103
    # Load (authorize) this connection at startup without initiating it.
    auto=add

# Second tunnel definition, also loaded at startup but not initiated.
# NOTE(review): rightsubnet is the same 192.168.0.0/24 that conn A declares
# behind a different right gateway; presumably only one of the two is meant
# to be up at a time. Confirm.
conn TEST
    left=128.9.160.185
    leftsubnet=128.9.160.0/24
    right=128.9.160.201
    rightsubnet=192.168.0.0/24
    auto=add