# /etc/ipsec.conf - FreeS/WAN IPsec configuration fil # More elaborate and more varied sample configurations can be found # in FreeS/WAN's doc/examples file, and in the HTML documentation. version 2.0 # basic configuration config setup #interfaces="ipsec0=eth1 ipsec1=eth1:1" #plutodebug="dns" uniqueids=yes dumpdir=/var/tmp/plutocore #plutostderrlog=/var/tmp/pluto.log nat_traversal=yes oe=yes conn %default keylife=2h dpddelay=20 dpdtimeout=120 dpdaction=hold conn navy--mrcharlie left=205.150.200.134 leftsubnet=205.150.200.160/28 leftnexthop=205.150.200.129 leftid=@mrcharlie.sandelman.ca. # RSA 2192 bits gimli Tue Mar 9 20:29:21 2004 leftrsasigkey=0sAQOrXJxB56Q28iOO43Va36elIFFKc/QB2orIeL94BdC5X4idFQZjSpsZTh48wKVXUE9xjwUkwR4R4/+1vjNN7KFp9fcqa2OxgjsoGqCn+3OPR8La9uyvZg0OBuSTj3qkbh/2HacAUJ7vqvjQ3W8Wj6sMXtTueR8NNcdSzJh149ch3zqfiXrxxna8+8UEDQaRR9KOPiSvXb2KjnuDan6hDKOT4qTZRRRCMWwnNQ9zPIMNbLBp0rNcZ+ZGFg2ckWtWh5yhv1iXYLV2vmd9DB6d4Dv8cW7scc3rPmDXpYR6APqPBRHlcbenfHCt+oCkEWse8OQhMM56KODIVQq3fejrfi1H right=%any rightid=@navy.e-dtu.sandelman.ca. rightsubnet=205.150.200.209/32 rightsourceip=205.150.200.209 # RSA 2192 bits CVS Mon Aug 23 23:27:18 2004 rightrsasigkey=0sAQOltTQXeunEqEw9q8wEyxAxZPISLCto9b+y13nQUUOyyVCzMBF1IKNZtitMjskZJxbqiCws2jGd3B/2bnexB+3t+aeg4rQ6QhgULyETYxSwq5u45tO0g4PTani9onFujLecuMLnNo/RowVeziahMUzvviv5Og784QlnTtKuuBJHWMYifWqullWOZ2JGACl8DuCxhHMVJVkjyp9kkxMxThyK2BuSpDbh+uYLG8DPg3LvB6uH6LOAC9TCwXqdCyw7F6nyLuma8txMViai6aqErY5TmiLWsPUhYhqDXyqGthwvEDPG4CeJ0AuRux04UWARcJYC7CipXV5P+2cvCJ3W/yaJJVoNq+7ckr8KDQjJ7HQSHkvf auto=ignore conn us-clear2 leftsubnet=205.150.200.160/28 also=IP1 also=clear conn mrcharlie--marajade also=mrcharlie-net-left also=marajade-host auto=add conn mrcharlie--marajade-pass also=mrcharlie-net-left right=192.139.46.20 type=passthrough auto=add conn mrcharlie--indiagate also=mrcharlie-net-left right=indiagate.flora.ca rightid=@indiagate.flora.ca rightsubnet=192.168.168.0/24 auto=add conn us-private leftsubnet=205.150.200.160/28 also=private conn private also=IP1 failureshunt=drop auto=add also=OE conn us-private-or-clear leftsubnet=0.0.0.0/0 also=IP1 failureshunt=passthrough auto=route also=OE conn private-or-clear also=IP1 failureshunt=passthrough auto=route also=OE conn clear-or-private auto=ignore conn block auto=ignore conn clear also=IP1 authby=never type=passthrough right=%group auto=route conn IP1 left=205.150.200.134 leftnexthop=205.150.200.129 conn pass-ns.xtdnet.nl type=passthrough left=205.150.200.134 leftsubnet=193.110.157.2/32 leftnexthop=205.150.200.129 right=%any rightsubnet=0.0.0.0/0 authby=never auto=ignore conn packetdefault left=205.150.200.134 leftnexthop=205.150.200.129 leftsubnet=0.0.0.0/0 auto=add right=%opportunistic also=OEparam conn OE right=%opportunisticgroup also=OEparam conn OEparam keyingtries=3 keylife=1h rekey=no dpddelay=20 dpdtimeout=120 dpdaction=clear conn ssw-oe-net leftsubnet=192.139.46.72/29 also=ssw-gimli-base auto=ignore conn ssw-oe-net2 leftsubnet=205.150.200.160/28 also=ssw-gimli-base auto=ignore include /etc/ipsec.d/*.conn include /etc/freeswan/freeswan-team-conns include /etc/freeswan/mrcharlie-left.conf #include /etc/ipsec.d/pbX/*.conn