# /etc/ipsec.conf - FreeS/WAN IPsec configuration file # More elaborate and more varied sample configurations can be found # in FreeS/WAN's doc/examples file, and in the HTML documentation. # basic configuration config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces=%defaultroute # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=none plutodebug=none # Use auto= parameters in conn descriptions to control startup actions. plutoload=%search plutostart=%search # Close down old connection when new one using same ID shows up. uniqueids=yes dumpdir=/var/tmp # defaults for subsequent connection descriptions conn %default # How persistent to be in (re)keying negotiations (0 means very). keyingtries=0 # RSA authentication with keys from DNS. authby=rsasig leftrsasigkey=%dns rightrsasigkey=%dns conn us-to-anyone leftsubnet=192.139.46.72/29 also=me-to-anyone # connection description for (experimental!) opportunistic encryption # (requires KEY record in your DNS reverse map; see doc/opportunism.howto) conn me-to-anyone left=%defaultroute right=%opportunistic keylife=1h rekey=no # uncomment to enable incoming; change to auto=route for outgoing auto=route conn nox-to-anyone left=%defaultroute leftsubnet=192.139.46.6/32 right=%opportunistic # uncomment to enable incoming; change to auto=route for outgoing auto=route conn rgb1 also=mrcharlie-net-left also=rgb-net1 auto=start conn rgb2 also=mrcharlie-net-left also=rgb-net2 auto=start conn rgbE also=mrcharlie-net-left also=rgb-netE auto=start conn rgbhost also=mrcharlie-net-left also=rgb-host auto=start conn rgb1h also=mrcharlie-host-left also=rgb-net1 auto=start conn rgb2h also=mrcharlie-host-left also=rgb-net2 auto=start conn rgbEh also=mrcharlie-host-left also=rgb-netE auto=start conn rgbhh also=mrcharlie-host-left also=rgb-host auto=start conn mrcharlie--marajade also=mrcharlie-net-left also=marajade-host auto=add conn mrcharlie--marajade-pass also=mrcharlie-net-left right=192.139.46.20 type=passthrough auto=add conn mrcharlie--indiagate also=mrcharlie-net-left right=indiagate.flora.ca rightid=@indiagate.flora.ca rightsubnet=192.168.168.0/24 auto=add include /etc/freeswan/freeswan-team-conns include /etc/freeswan/mrcharlie-left.conf include /etc/freeswan/adams--mrcharlie.vpn include /etc/freeswan/mrcharlie--cfsc.vpn