version 2.0 # conforms to second version of ipsec.conf specification

config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=none
	uniqueids=yes
	overridemtu=1400
	fragicmp=no
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
	oe=no

conn %default
	aggrmode=no
	keyingtries=0
	authby=rsasig
	auth=esp
	pfs=yes
	keylife=1h
	ikelifetime=8h
	compress=no
	rightrsasigkey=%cert
	rightcert="mycert.pem"
	leftrsasigkey=%cert

conn server
	left=216.27.31.170
	leftid="/C=US/ST=North Carolina/L=Cary/O=Webfargo Data Security LLC/OU=Security/CN=pluto.webfargo.com/Email=root@webfargo.com"
	right=%defaultroute
	rightsendcert=always
	leftsendcert=never
	auto=add