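# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file.
#
# Layout: section headers ("config setup", "conn NAME") start in column 0;
# every parameter and every comment inside a section is indented, and no
# blank lines are left inside a section.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
    # Note: only one test connection at a time can use these parameters!
    # The two key values are patterned sample constants, not secrets: a
    # tunnel keyed with them gives no confidentiality or integrity.
    # 3des-md5-96 is a legacy suite as well. Remove these four lines from
    # any production copy of this file.
    spi=0x200
    esp=3des-md5-96
    espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
    espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
    # RSA authentication with keys from DNS.
    # A key fetched from DNS is only as trustworthy as the DNS answer;
    # where the peers' keys are known, set them inline per connection
    # (as the sample connection below does).
    authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

# sample connection
conn standort1-stanndort2
    auto=start
    authby=rsasig
    type=tunnel
    # Left security gateway, subnet behind it, next hop toward right.
    left=1.2.3.4
    leftsubnet=192.168.1.0/24
    leftnexthop=1.2.3.1
    # Fixed spelling: this parameter was written "leftrsasigkkey", which is
    # not the name used by conn %default (leftrsasigkey), so the inline key
    # would not have replaced the %dns default for the left gateway.
    # NOTE(review): the key value is missing from this copy of the file;
    # put the left gateway's own RSA public key here.
    leftrsasigkey=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
    # Right security gateway, subnet behind it, next hop toward left.
    right=5.6.7.8
    rightsubnet=192.168.2.0/24
    rightnexthop=5.6.7.1
    # NOTE(review): value is truncated in this copy; the full RSA public
    # key of the right gateway is required.
    rightrsasigkey=0x0103.......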