freeswan/testing/baseconfigs/east/etc/ipsec.conf

   1 # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
   2
   3 # More elaborate and more varied sample configurations can be found
   4 # in FreeS/WAN's doc/examples file, and in the HTML documentation.
   5
   6
   7
   8 # basic configuration
   9 config setup
  10         # THIS SETTING MUST BE CORRECT or almost nothing will work;
  11         # %defaultroute is okay for most simple cases.
  12         interfaces=%defaultroute
  13         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
  14         klipsdebug=none
  15         plutodebug=none
  16         # Use auto= parameters in conn descriptions to control startup actions.
  17         plutoload=%search
  18         plutostart=%search
  19         # Close down old connection when new one using same ID shows up.
  20         uniqueids=yes
  21
  22
  23
  24 # defaults for subsequent connection descriptions
  25 conn %default
  26         # How persistent to be in (re)keying negotiations (0 means very).
  27         keyingtries=0
  28         # RSA authentication with keys from DNS.
  29         authby=rsasig
  30         leftrsasigkey=%dns
  31         rightrsasigkey=%dns
  32
  33
  34
  35 # connection description for (experimental!) opportunistic encryption
  36 # (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
  37 conn me-to-anyone
  38         left=%defaultroute
  39         right=%opportunistic
  40         # uncomment to enable incoming; change to auto=route for outgoing
  41         #auto=add
  42
  43
  44
  45 # sample VPN connection
  46 conn west-east
  47         also=west-east-base
  48         #auto=start
  49
  50 conn west-eastnet
  51         also=west-east-base
  52         rightsubnet=192.0.2.254/24
  53         #auto=start
  54
  55 conn westnet-east
  56         also=west-east-base
  57         leftsubnet=192.0.1.254/24
  58         #auto=start
  59
  60 conn westnet-eastnet
  61         also=west-east-base
  62         rightsubnet=192.0.2.254/24
  63         leftsubnet=192.0.1.254/24
  64         #auto=start
  65
  66 conn west-east-base
  67         # Left security gateway, subnet behind it, next hop toward right.
  68         left=192.1.2.45
  69         leftid=@west
  70         leftrsasigkey=0sAQNzGEFs18VKT00sA+4p+GUKn9C55PYuPQca6C+9Qhj0jfMdQnTRTDLeI+lp9TnidHH7fVpq+PkfiF2LHlZtDwMurLlwzbNOghlEYKfQ080WlOTTUAmOLhAzH28MF70q3hzq0m5fCaVZWtxcV+LfHWdxceCkjBUSaTFtR2W12urFCBz+SB3+OM33aeIbfHxmck2yzhJ8xyMods5kF3ek/RZlFvgN8VqBdcFVrZwTh0mXDCGN12HNFixL6FzQ1jQKerKBbjb0m/IPqugvpVPWVIUajUpLMEmi1FAXc1mFZE9x1SFuSr0NzYIu2ZaHfvsAZY5oN+I+R2oC67fUCjgxY+t7
  71         leftnexthop=192.1.2.23
  72         # Right security gateway, subnet behind it, next hop toward left.
  73         right=192.1.2.23
  74         rightid=@east
  75         rightrsasigkey=0sAQN3cn11FrBVbZhWGwRnFDAf8O9FHBmBIyIvmvt0kfkI2UGDDq8k+vYgRkwBZDviLd1p3SkL30LzuV0rqG3vBriqaAUUGoCQ0UMgsuX+k01bROLsqGB1QNXYvYiPLsnoDhKd2Gx9MUMHEjwwEZeyskMT5k91jvoAZvdEkg+9h7urbJ+kRQ4e+IHkMUrreDGwGVptV/hYQVCD54RZep6xp5ymaKRCDgMpzWvlzO80fP7JDjSZf9LI/MMu6c+qwXIKnWoNha75IhFyLWniVczxK2RdhmMhLsi0kC0CoOwWDSIEOb+5zbECDjjud+SF5tT8qRCWnSomX8jtbCdZ50WraQlL
  76         rightnexthop=192.1.2.45
  77         # To authorize this connection, but not actually start it, at startup,
  78         # uncomment this.
  79