# /etc/ipsec.conf - Libreswan IPsec configuration file

# This file:  /usr/local/share/doc/libreswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# plutodebug / klipsdebug = "all", "none" or a combation from below:
	# "raw crypt parsing emitting control klips pfkey natt x509 private"
	# eg:
	plutodebug="control klips crypt"
	#plutodebug="all"
	#
	# Only enable klipsdebug=all if you are a developer
	#
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	# nat_traversal=yes
	# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
	dumpdir=/var/tmp/plutocore
	plutostderrlog=/var/tmp/pluto.log
	oe=no

# Add connections here

# sample VPN connection
conn base
		# Left security gateway, subnet behind it, nexthop toward right.
		left=205.150.200.251
		leftnexthop=205.150.200.241
		# Right security gateway, subnet behind it, nexthop toward left.
		right=205.150.200.134
		rightnexthop=205.150.200.241
		ike=aes128-sha1-modp4096
		# To authorize this connection, but not actually start it, 
		# at startup, uncomment this.
		auto=ignore
 	

conn aes128
		rightsubnet=205.150.200.165/32
		phase2=esp
		esp=aes128-sha1
		also=base
		
conn 3des_cbc
		rightsubnet=205.150.200.165/32
		phase2=esp
		esp=3des_cbc
		also=base
conn sha1
		rightsubnet=205.150.200.165/32
		phase2=ah
		phase2alg=sha1
		also=base
		
conn vpn
		rightsubnet=205.150.200.165/32
		phase2=esp
		phase2alg=aes128-md5
		also=base
		
conn packetdefault
		auto=ignore