# From Ignat.Vassilev@optus.com.au Fri Sep 13 01:22:37 2002
# Date: Wed, 14 Aug 2002 11:43:07 +1000
# From: Ignat Vassilev <Ignat.Vassilev@optus.com.au>
# To:  'FreeS/WAN Design' <design@lists.freeswan.org>

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration

version 2

config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	#interfaces=%defaultroute
	interfaces=%defaultroute
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	####plutoload=%search
	####plutostart=%search
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes


# defaults for subsequent connection descriptions
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	keyingtries=0
        right=203.202.188.202		#Futurelab public address
	rightnexthop=203.202.188.201	#Futurelab next hop router to internet
	auto=add	
	disablearrivalcheck=yes		#### needed to match v1 (bad idea)
	authby=secret			#### needed to match v1 (bad idea)

conn mms
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=@203.19.245.83
        authby=rsasig
        left=203.19.245.83
        leftsubnet=203.9.249.0/24
        leftnexthop=203.19.245.81
        leftrsasigkey=0sAQP....
	# Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202
        rightsubnet=203.13.0.0/16
	rightrsasigkey=0sAQ...
        auto=start


conn mms1
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=@203.19.245.83
        authby=rsasig
        left=203.19.245.83
        leftsubnet=203.9.249.0/24
        leftnexthop=203.19.245.81
        leftrsasigkey=0sAQP..
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202
        rightsubnet=10.59.4.16/30
        rightrsasigkey=0sAQ...
        auto=start

# networker-futurelab connection
conn wap
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=@202.139.125.54
        left=202.139.125.54 
        leftsubnet=192.168.0.0/24 
        leftnexthop=202.139.125.49
        leftrsasigkey=0sAQN...
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202  
        rightsubnet=10.59.4.16/30 
        rightrsasigkey=0sAQP....
        authby=rsasig
        auto=start

conn singtel #FW-1
	type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=165.21.42.232
        left=165.21.42.232
        leftsubnet=10.251.250.0/24
        leftnexthop=161.21.42.237
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=203.202.188.202
        rightsubnet=10.59.4.0/24
        ikelifetime=8h
	keylife=1h
        keyexchange=ike
        auth=esp
        pfs=no
        	

conn singtel1 #FW-1
        type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=165.21.42.232
        left=165.21.42.232
        leftnexthop=165.21.42.237
        leftsubnet=10.251.250.0/24
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=203.202.188.202
        rightsubnet=10.59.6.0/24
        ikelifetime=1h
        keylife=8h
        keyexchange=ike
        auth=esp
        pfs=no
        

      

conn lateral #FW-1
     type=tunnel
     leftid=202.36.231.222
     left=202.36.231.222
     #leftnexthop=
     leftsubnet=202.36.230.0/24
     rightid=203.202.188.202
     rightsubnet=10.59.0.0/16
     ikelifetime=1h
     keylife=24h
     keyexchange=ike
     auth=esp
     pfs=no
     

# elogic-futurelab connection
conn elogic
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=@203.134.166.148
        left=203.134.166.148		#ipsec.elogic.com.au public address
        leftsubnet=192.168.2.0/24	#elogic subnet
        leftnexthop=203.134.166.129	#elogic next hop router to internet
        leftrsasigkey=0sAQ...
        # Right security gateway, subnet behind it, next hop toward left.
	rightid=@203.202.188.202	#Futurelab ID or FQDN
        rightsubnet=10.59.4.16/30	#Futurelab subnet
	rightrsasigkey=0sAQP....
        authby=rsasig
        auto=start

# Amethon-futurelab connection
conn amethon #SonicWall
     left=203.174.137.190
     leftid=203.174.137.190
     #leftnexthop=
     leftsubnet=192.168.5.0/24
     rightsubnet=10.59.4.16/30
     keyexchange=ike
     auth=esp
     esp=3des-md5-96
     #pfs=no
     auto=start


conn Sasme
        # Left security gateway, subnet behind it, next hop toward right.
        left=%any
        leftid=@ipsec.ninemsn.com.au
        leftsubnet=192.168.3.0/24
        leftnexthop=
        leftrsasigkey=0sAQP...
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202        #Futurelab ID or FQDN
        rightsubnet=10.59.4.16/30
        rightrsasigkey=0sAQP...
        authby=rsasig
        



#### to converge V1 and V2 output
conn OEself
	auto=ignore