# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
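version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
# Section parameters are indented below: the ipsec.conf(5) format expects
# every line that belongs to a section to begin with whitespace.
config setup
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 private"
    # eg:
    # NOTE(review): verbose pluto debugging is a troubleshooting setting.
    # The "crypt" class is enabled here and the output is written to the
    # plutostderrlog file set below, so treat that log as sensitive and
    # set this to "none" outside of test runs.
    plutodebug="control klips crypt"
    #plutodebug="all"
    # NOTE(review): passed to pluto as an extra command-line option; what
    # it does is not documented in this file. It looks specific to a test
    # harness, so confirm before reusing this config elsewhere.
    plutoopts="--usevulcanhack"
    #
    # Only enable klipsdebug=all if you are a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    # nat_traversal=yes
    # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # NOTE(review): both paths below sit under /var/tmp, a shared
    # temporary directory. Core dumps of the IKE daemon and its debug log
    # can hold sensitive state; a root-owned directory that is not group-
    # or world-accessible is the safer location for both.
    dumpdir=/var/tmp/plutocore
    plutostderrlog=/var/tmp/pluto.log
    # Opportunistic encryption is switched off.
    oe=no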
# Add connections here
# sample VPN connection
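# Shared endpoint definition; "conn oldstrictmode-shouldfail" pulls it in
# with also=base. Parameters are indented because the ipsec.conf(5) format
# expects section lines to begin with whitespace.
conn base
    # Left security gateway, subnet behind it, nexthop toward right.
    left=205.150.200.251
    leftnexthop=205.150.200.241
    # Right security gateway, subnet behind it, nexthop toward left.
    right=205.150.200.134
    rightnexthop=205.150.200.241
    # IKE (phase 1) proposal: AES-128 encryption, SHA-1 hash, MODP-4096 group.
    # NOTE(review): SHA-1 is a legacy choice; prefer a SHA-2 based proposal
    # where both peers support one.
    ike=aes128-sha1-modp4096
    # To authorize this connection, but not actually start it,
    # at startup, uncomment this.
    # NOTE(review): the hint above does not describe the value set here.
    # auto=ignore means no automatic operation at startup for this conn.
    auto=ignore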
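# NOTE(review): the conn name suggests a negative test case that is expected
# to be rejected - confirm against the test that loads this file. Parameters
# are indented because the ipsec.conf(5) format expects section lines to
# begin with whitespace.
conn oldstrictmode-shouldfail
    rightsubnet=205.150.200.165/32
    phase2=esp
    # 3DES-only proposals for ESP and IKE. The trailing "!" is the strict
    # flag, which limits negotiation to the listed proposal.
    # NOTE(review): 3DES is a legacy 64-bit block cipher; do not copy these
    # two lines into a production connection.
    esp=3des!
    ike=3des!
    # Inherit the endpoint settings from "conn base". That section also sets
    # ike=; which of the two ike= values takes effect is not shown here.
    also=base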
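# NOTE(review): presumably overrides the implicit opportunistic-encryption
# conn of the same name so that it stays inactive, in line with oe=no in
# "config setup" - confirm against the Openswan version in use. The parameter
# is indented because the ipsec.conf(5) format expects section lines to begin
# with whitespace.
conn packetdefault
    # No automatic operation at startup for this conn.
    auto=ignore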