# /etc/ipsec.conf - Libreswan IPsec configuration file # This file: /usr/local/share/doc/libreswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # plutodebug / klipsdebug = "all", "none" or a combation from below: # "raw crypt parsing emitting control klips pfkey natt x509 private" # eg: plutodebug="control klips crypt" #plutodebug="all" # # Only enable klipsdebug=all if you are a developer # # NAT-TRAVERSAL support, see README.NAT-Traversal # nat_traversal=yes # virtual_private=%v4:,%v4:,%v4: dumpdir=/var/tmp/plutocore plutostderrlog=/var/tmp/pluto.log oe=no # Add connections here # sample VPN connection conn base # Left security gateway, subnet behind it, nexthop toward right. left= leftnexthop= # Right security gateway, subnet behind it, nexthop toward left. right= rightnexthop= ike=aes128-sha1-modp4096 #ike=aes128-sha1-modp3072 #ike=aes128-sha1-modp2048 #ike=aes128-sha1-modp1024 #aggrmode=yes # To authorize this connection, but not actually start it, # at startup, uncomment this. auto=ignore conn vpn rightsubnet= also=base conn vpn2 rightsubnet= leftsubnet= also=base conn packetdefault auto=ignore