File: v1

openswan 1%3A2.4.6%2Bdfsg.2-1.1
# From Ignat.Vassilev@optus.com.au Fri Sep 13 01:22:37 2002
# Date: Wed, 14 Aug 2002 11:43:07 +1000
# From: Ignat Vassilev <Ignat.Vassilev@optus.com.au>
# To:  'FreeS/WAN Design' <design@lists.freeswan.org>

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration


# Global settings for the IPsec daemons; they apply to every conn in this file.
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	#interfaces=%defaultroute
	interfaces=%defaultroute
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# NOTE(review): leave both at "none" outside troubleshooting; verbose
	# keying debug output should be handled as sensitive log data.
	klipsdebug=none
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	# Consequence: two distinct peers must never be given the same ID,
	# or each will keep displacing the other.
	uniqueids=yes


# defaults for subsequent connection descriptions
# Every conn below inherits these values unless it sets the same parameter
# itself; in particular all of them share this right gateway.
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	keyingtries=0
        right=203.202.188.202		#Futurelab public address
	rightnexthop=203.202.188.201	#Futurelab next hop router to internet
	# auto=add only loads a conn so that it can answer the peer; conns that
	# should also initiate set auto=start themselves. Conns that set no
	# auto= (singtel, singtel1, lateral, Sasme) therefore stay respond-only.
	auto=add	

# Tunnel between 203.9.249.0/24 behind 203.19.245.83 and 203.13.0.0/16 behind
# the default right gateway, authenticated with RSA signatures.
conn mms
        # Left security gateway, subnet behind it, next hop toward right.
        # The leading @ makes the ID a literal string instead of an IP-address
        # ID, so the peer has to be configured with exactly the same string.
        leftid=@203.19.245.83
        authby=rsasig
        left=203.19.245.83
        leftsubnet=203.9.249.0/24
        leftnexthop=203.19.245.81
        # Public key of the left gateway (value truncated in this sample).
        # Pin the full key here and verify it out of band: with authby=rsasig
        # this key is what the peer's identity rests on.
        leftrsasigkey=0sAQP....
	# Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202
        rightsubnet=203.13.0.0/16
	rightrsasigkey=0sAQ...
        # Initiate at startup instead of waiting for the peer.
        auto=start


# Second tunnel to the same left gateway and left subnet as conn mms; it differs
# only in the protected right subnet (10.59.4.16/30).
conn mms1
        # Left security gateway, subnet behind it, next hop toward right.
        # The leading @ makes the ID a literal string instead of an IP-address ID.
        leftid=@203.19.245.83
        authby=rsasig
        left=203.19.245.83
        leftsubnet=203.9.249.0/24
        leftnexthop=203.19.245.81
        # Public key (truncated in this sample).
        # NOTE(review): the truncated text differs from the one in conn mms
        # (0sAQP.. vs 0sAQP....); both must hold the same full key - confirm.
        leftrsasigkey=0sAQP..
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202
        rightsubnet=10.59.4.16/30
        rightrsasigkey=0sAQ...
        # Initiate at startup instead of waiting for the peer.
        auto=start

# networker-futurelab connection
# RSA-signature tunnel: 192.168.0.0/24 behind 202.139.125.54 <-> 10.59.4.16/30
# behind the default right gateway.
conn wap
        # Left security gateway, subnet behind it, next hop toward right.
        # The leading @ makes the ID a literal string instead of an IP-address ID.
        leftid=@202.139.125.54
        left=202.139.125.54 
        # NOTE(review): 192.168.0.0/24 is a very common private range; check
        # that it does not collide with other sites reached through this gateway.
        leftsubnet=192.168.0.0/24 
        leftnexthop=202.139.125.49
        # Public key of the left gateway (truncated in this sample); verify the
        # full value out of band before trusting it.
        leftrsasigkey=0sAQN...
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202  
        rightsubnet=10.59.4.16/30 
        rightrsasigkey=0sAQP....
        authby=rsasig
        # Initiate at startup instead of waiting for the peer.
        auto=start

# Tunnel to the peer labelled FW-1: 10.251.250.0/24 behind 165.21.42.232 <->
# 10.59.4.0/24 behind the default right gateway. No auto= is set, so the
# auto=add from conn %default applies.
conn singtel #FW-1
	# NOTE(review): no authby= and no *rsasigkey= in this conn, so the
	# authentication method is the parser default - presumably a pre-shared
	# secret kept in ipsec.secrets for this peer; confirm, and make sure
	# that secret is long and random.
	type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        # IDs without a leading @ are plain IP-address IDs.
        leftid=165.21.42.232
        left=165.21.42.232
        leftsubnet=10.251.250.0/24
        # NOTE(review): first octet is 161 while left= is 165.21.42.232 and
        # conn singtel1 uses 165.21.42.237 for the same gateway - looks like
        # a typo; confirm before relying on this route.
        leftnexthop=161.21.42.237
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=203.202.188.202
        rightsubnet=10.59.4.0/24
        # Lifetime of the IKE (keying-channel) SA, then of the IPsec SA.
        ikelifetime=8h
	keylife=1h
        keyexchange=ike
        auth=esp
        # PFS is off: rekeyed IPsec SA keys are derived from the existing IKE
        # keying material without a fresh Diffie-Hellman exchange, so a
        # compromise of that material exposes them too. Presumably set for
        # interoperability with the peer; enable PFS if the peer supports it.
        pfs=no
        	

# Second tunnel to the same FW-1 peer as conn singtel, protecting 10.59.6.0/24
# on the right instead of 10.59.4.0/24. No auto= is set, so the auto=add from
# conn %default applies.
conn singtel1 #FW-1
        # NOTE(review): no authby= and no *rsasigkey= in this conn, so the
        # authentication method is the parser default - presumably a pre-shared
        # secret kept in ipsec.secrets for this peer; confirm.
        type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        leftid=165.21.42.232
        left=165.21.42.232
        leftnexthop=165.21.42.237
        leftsubnet=10.251.250.0/24
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=203.202.188.202
        rightsubnet=10.59.6.0/24
        # NOTE(review): 1h/8h here is the reverse of conn singtel (8h/1h) for
        # the same peer; confirm which pair the remote side is configured for.
        ikelifetime=1h
        keylife=8h
        keyexchange=ike
        auth=esp
        # PFS is off: rekeyed IPsec SA keys get no fresh Diffie-Hellman
        # exchange. With keylife=8h, that is a long window without forward
        # secrecy; enable PFS if the peer supports it.
        pfs=no
        

      

# Tunnel to the peer labelled FW-1 at 202.36.231.222 (subnet 202.36.230.0/24).
# No auto= is set, so the auto=add from conn %default applies.
conn lateral #FW-1
     # NOTE(review): no authby= and no *rsasigkey= in this conn, so the
     # authentication method is the parser default - presumably a pre-shared
     # secret kept in ipsec.secrets for this peer; confirm.
     type=tunnel
     leftid=202.36.231.222
     left=202.36.231.222
     #leftnexthop=
     leftsubnet=202.36.230.0/24
     rightid=203.202.188.202
     # NOTE(review): the whole 10.59.0.0/16 is opened to this peer, a superset
     # of the /24 and /30 ranges the other conns expose; confirm that this
     # breadth is intended and narrow it if the peer needs less.
     rightsubnet=10.59.0.0/16
     ikelifetime=1h
     # Longest IPsec SA lifetime in this file.
     keylife=24h
     keyexchange=ike
     auth=esp
     # PFS is off, so rekeying adds no fresh Diffie-Hellman exchange; combined
     # with keylife=24h this is the weakest keying policy in the file.
     pfs=no
     

# elogic-futurelab connection
# RSA-signature tunnel: 192.168.2.0/24 behind 203.134.166.148 <-> 10.59.4.16/30
# behind the default right gateway.
conn elogic
        # Left security gateway, subnet behind it, next hop toward right.
        # The leading @ makes the ID a literal string instead of an IP-address ID.
        leftid=@203.134.166.148
        left=203.134.166.148		#ipsec.elogic.com.au public address
        leftsubnet=192.168.2.0/24	#elogic subnet
        leftnexthop=203.134.166.129	#elogic next hop router to internet
        # Public key of the left gateway (truncated in this sample); verify the
        # full value out of band before trusting it.
        leftrsasigkey=0sAQ...
        # Right security gateway, subnet behind it, next hop toward left.
	rightid=@203.202.188.202	#Futurelab ID or FQDN
        rightsubnet=10.59.4.16/30	#Futurelab subnet
	rightrsasigkey=0sAQP....
        authby=rsasig
        # Initiate at startup instead of waiting for the peer.
        auto=start

# Amethon-futurelab connection
# Tunnel to the peer labelled SonicWall: 192.168.5.0/24 behind 203.174.137.190
# <-> 10.59.4.16/30 behind the default right gateway.
conn amethon #SonicWall
     # NOTE(review): no authby=, no rightid= and no *rsasigkey= in this conn,
     # so the authentication method and the right ID are parser defaults -
     # presumably a pre-shared secret from ipsec.secrets; confirm.
     left=203.174.137.190
     leftid=203.174.137.190
     #leftnexthop=
     leftsubnet=192.168.5.0/24
     rightsubnet=10.59.4.16/30
     keyexchange=ike
     auth=esp
     # Pins ESP to 3DES encryption with HMAC-MD5-96 integrity. Both are legacy
     # algorithms, presumably chosen for the SonicWall peer; move to AES with
     # a SHA-based HMAC once both ends support it.
     esp=3des-md5-96
     # Commented out, so pfs stays at the parser default for this conn.
     #pfs=no
     # Initiate at startup instead of waiting for the peer.
     auto=start


# RSA-signature tunnel for a peer with no fixed address (left=%any), protecting
# 192.168.3.0/24 <-> 10.59.4.16/30. No auto= is set, so the auto=add from
# conn %default applies and this side only responds.
conn Sasme
        # Left security gateway, subnet behind it, next hop toward right.
        # %any accepts the peer from any source address, so its identity rests
        # entirely on leftid and leftrsasigkey below; keep that key pinned to
        # the full, verified value.
        left=%any
        leftid=@ipsec.ninemsn.com.au
        leftsubnet=192.168.3.0/24
        # Deliberately empty; with left=%any no fixed next hop is known.
        leftnexthop=
        # Public key of the peer (truncated in this sample).
        leftrsasigkey=0sAQP...
        # Right security gateway, subnet behind it, next hop toward left.
        rightid=@203.202.188.202        #Futurelab ID or FQDN
        rightsubnet=10.59.4.16/30
        rightrsasigkey=0sAQP...
        authby=rsasig
        



#### to converge V1 and V2 output
# Declares conn OEself explicitly with no startup action, overriding the
# auto=add inherited from conn %default.
# NOTE(review): presumably this neutralises a conn that a version 2 parser
# would otherwise add implicitly - confirm.
conn OEself
	auto=ignore