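# /etc/ipsec.conf - FreeS/WAN IPSEC configuration file
# RCSID $Id: conf.proto,v 1.24 2000/05/23 21:05:09 henry Exp $

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file.

# Layout: a section header ("config setup", "conn NAME") starts in
# column 0 and its parameters are indented beneath it. With the whole
# file on one physical line, everything after the first "#" is a comment
# and no setting is read. Comments inside a section are kept indented and
# no blank lines are placed inside a section.

# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# Verbose debugging is for troubleshooting; keep both at "none" in
	# normal operation.
	klipsdebug=none
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search

# defaults for subsequent connection descriptions
# Everything set here is inherited by every conn that follows, including
# the manual-keying test parameters below.
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	keyingtries=0
	# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
	# Note: only one test connection at a time can use these parameters!
	# The key values below are sample values printed in this file, so they
	# provide no confidentiality or integrity to anyone who has seen it.
	# A manually keyed tunnel outside a lab needs its own randomly
	# generated keys; these keys are static and are never renegotiated.
	# Prefer automatic keying.
	# NOTE(review): 3DES with HMAC-MD5-96 is a legacy suite; treat it as
	# test-only and confirm what the deployed implementation offers.
	spi=0x200
	esp=3des-md5-96
	espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
	espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
	# If RSA authentication is used, get keys from DNS.
	# A key obtained this way is only as trustworthy as the DNS answer that
	# carried it. Where the resolver path is not authenticated, configure
	# the peer's public key explicitly instead.
	leftrsasigkey=%dns
	rightrsasigkey=%dns

# sample connection
conn sample
	# Left security gateway, subnet behind it, next hop toward right.
	left=10.0.0.1
	leftsubnet=172.16.0.0/24
	leftnexthop=10.22.33.44
	# Right security gateway, subnet behind it, next hop toward left.
	right=10.12.12.1
	rightsubnet=192.168.0.0/24
	rightnexthop=10.101.102.103
	# Authorize this connection, but don't actually start it, at startup.
	auto=add
	# To use RSA authentication (not legal in US until 20 Sept 2000),
	# uncomment this next line.
	# NOTE(review): with authby left commented out the connection uses the
	# implementation's default authentication method - presumably a shared
	# secret; confirm, and protect the secrets file accordingly.
	#authby=rsasig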