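# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# Layout notes (Openswan parser, not a generic INI reader):
#  - "config setup" and "conn <name>" headers start in column 0;
#    every key belonging to a section is indented (tab) below it.
#  - "#" starts a full-line comment; comments are kept on their own
#    line here so nothing trailing can be read as part of a value.

# conforms to second version of ipsec.conf specification
version 2.0

# basic configuration
config setup
	# Do not set debug options to debug configuration issues!
	# plutodebug / klipsdebug = "all", "none" or a combination from below:
	# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
	# eg: plutodebug="all"
	#
	# enable to get logs per-peer
	# plutoopts="--perpeerlog"
	#
	# Again: only enable plutodebug or klipsdebug when asked by a developer
	#
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	nat_traversal=yes
	# Address ranges that roaming peers may claim as their "virtual" subnet.
	# exclude networks used on server side by adding %v4:!a.b.c.0/24
	# Fixed: third entry was written "%4:" (missing "v"), which the parser
	# would not recognise as an IPv4 selector.
	# NOTE(review): 192.168.0.1/12 is not on a /12 boundary and overlaps the
	# 192.168.0.0/16 entry; the usual third RFC 1918 range is 172.16.0.0/12
	# -- confirm which was intended. 0.0.0.0/32 likewise looks accidental.
	virtual_private=%v4:0.0.0.0/32,%v4:192.168.0.0/16,%v4:192.168.0.1/12
	# OE is now off by default. Uncomment and change to on, to enable.
	# OE=off
	# which IPsec stack to use. netkey,klips,mast,auto or none
	protostack=netkey
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# (klipsdebug only matters for the klips stack; harmless under netkey.)
	klipsdebug="none"
	# plutodebug="none"
	interfaces=%defaultroute
	#interfaces="ipsec0=eth0"

# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#	# Left security gateway, subnet behind it, nexthop toward right.
#	left=10.0.0.1
#	leftsubnet=172.16.0.0/24
#	leftnexthop=10.22.33.44
#	# Right security gateway, subnet behind it, nexthop toward left.
#	right=10.12.12.1
#	rightsubnet=192.168.0.0/24
#	rightnexthop=10.101.102.103
#	# To authorize this connection, but not actually start it,
#	# at startup, uncomment this.
#	# NOTE(review): "auto=add" is the setting that loads a conn without
#	# initiating it; "auto=start" initiates it at startup.
#	#auto=start

# Road-warrior style connection: this host is the gateway ("left"),
# any remote peer ("right=%any") connects and is handed an address
# via modeconfig.
conn e61
	# Key exchange (IKE/phase 1 proposal)
	# NOTE(review): SHA-1 and modp1536 are below current recommendations;
	# keep only as long as the peer cannot negotiate a stronger proposal.
	ike=aes256-sha1-modp1536
	# Data exchange (ESP/phase 2 proposal)
	esp=aes256-sha1
	# Authentication method PSK
	# NOTE(review): with right=%any every roaming peer authenticates with the
	# same group secret from ipsec.secrets, so the secret's confidentiality is
	# the whole trust boundary; per-peer identities or certificates would
	# allow revoking a single peer.
	authby=secret
	# load at startup but wait for the peer to initiate
	auto=add
	keyingtries=3
	# Modeconfig setting
	modecfgpull=yes
	# NOTE(review): pfs=no means phase-2 keys are derived from the phase-1
	# exchange only (no fresh DH), so a compromised IKE SA exposes past ESP
	# traffic; enable pfs when the peer supports it.
	pfs=no
	rekey=yes
	#leftid=@monkeyiq.example.org
	leftid=@foo.mydomain.org
	left=%defaultroute
	# NOTE(review): a /0 prefix with host bits set is ambiguous; if the intent
	# is to route all peer traffic through this gateway, write 0.0.0.0/0.
	leftsubnet=192.168.0.2/0
	leftrsasigkey=none
	leftmodecfgserver=yes
	leftxauthserver=no
	rightrsasigkey=none
	right=%any
	rightxauthclient=no
	rightmodecfgclient=yes
	# address assigned to the connecting peer; must fall inside virtual_private
	rightsourceip=192.168.0.3
	rightsubnet=192.168.0.3/32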