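# basic configuration
#
# ipsec.conf (FreeS/WAN style): section headers ("config setup", "conn NAME")
# start in column 0 and every parameter line under a header must be
# indented; comments are full-line "#" only.
config setup
	# interface(s) to protect; %defaultroute picks the one carrying the
	# default route
	interfaces="%defaultroute"
	# debug logging: "none" for (almost) none, "all" for lots
	klipsdebug=none
	plutodebug=none
	# %search: load/start whichever conns below carry an auto= parameter
	plutoload=%search
	plutostart=%search

# defaults that apply to all connection descriptions
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	# NOTE(review): 1 means a single attempt; if that attempt fails
	# (e.g. the peer is still booting) the auto=start tunnel below stays
	# down until restarted by hand. Confirm this is intended rather than 0.
	keyingtries=1
	# How to authenticate gateways
	# rsasig: each side proves its identity with the private half of the
	# *rsasigkey listed in the conn; only public halves belong in this
	# file, the private keys are read from ipsec.secrets.
	authby=rsasig
	# NOTE(review): no ike=/esp=/pfs= proposal is pinned here, so the
	# daemon's built-in defaults apply -- confirm they meet policy.

# VPN connection for head office and branch office
conn vpns1-vpns2
	# identity we use in authentication exchanges
	leftid=@vpns1.nitb.edu.pk
	# public RSA key for leftid (public half only; safe to keep here)
	leftrsasigkey=0sAQNbhfL5cnj+5JV5mrRbxvS9S4Fs8e1aLoW82zHd+6ns7iV8tuGxT8tRVok2J8iUuODaR6/FpwnhzThaSFsYbY7TxKRFsHOy8d4hVNLKjiORGBKfntQ78IzSnqnOMynNHAU3o4hYGFIHUvs2Nta6fXZKTZBXq5v/Zsm/5ICjJIFHJEVnF5xWg82X6EImdLjZFWJ8vGhZJHLF41SnIbTESjdc9Yq1H2/ufNNKkvwmFwVePyZ0VdWfLT7qIK1nHX6UiB4M7F66FQGO15zgv9wfIKN3jv6HWU/IadGs2e943dp4yp6uNclpxjl8l7J7ZGW/Hr6y6umHd7QmLCjvzsr5r8AcfkVZCCZAe1FoNHh0NvTR8+fT
	# left security gateway (public-network address)
	# (left and right are both on 192.168.1.0/24, which is why the
	# *nexthop lines are left commented out)
	left=192.168.1.2
	# next hop to reach right
	# leftnexthop=192.168.1.1
	# subnet behind left (omit if there is no subnet)
	leftsubnet=192.168.2.0/24
	# script run by the daemon when this SA goes up/down, with the
	# daemon's privileges. NOTE(review): a bare name is presumably
	# resolved via the daemon's PATH; an absolute path to a root-owned,
	# non-world-writable script is safer -- confirm where it lives.
	leftupdown=enable_firewall
	# right s.g., subnet behind it, and next hop to reach left
	rightid=@vpns2.nitb.edu.pk
	# public RSA key for rightid (public half only)
	rightrsasigkey=0sAQNpaQP0OWG/dKuZOzdlhuoULem7jY1iFTibqoh0R/pkNYxeQRFsVJ6I9jcVObCc9XFfW4vQ04gHlI4EOipHgGko2Demdu2t6ARhdXvWCWick5N8pxVL815rV/FK1wG9voyeGt3T7hUvT38D5I4R8NrfvAz/mCSiqn1eG3GOLrwTtQ57Tqu770GCAC2e3tuX/whO6EN3SfO0zwkqGziBwlSFahW+cmMrfh+osKO66ICTJDIWNSogRcNpaKPDDUv4M0RsT2CFv+2F3ecLze7RCI2ZLOhF/zVEeKRJKAusiDntmtqCOl+VdSOOumgLQliLzhaLlfSb18qfC4p3EqBgDq8T54EtKsiTk3d54Ccl4QH2+HVn
	right=192.168.1.13
	# rightnexthop=192.168.1.1
	# with rightsubnet commented out, this tunnel carries only
	# 192.168.2.0/24 <-> 192.168.1.13 (the third choice described below)
	# rightsubnet=192.168.3.0/24
	#
	# right is masquerading
	# So you have three choices, none of them ideal
	#
	# uncomment this to use our default script
	# which works only with ipfwadm(8) on 2.0 kernels
	# or ipchains(8) on 2.2 in ipfwadm(8) emulation mode
	# rightfirewall=yes
	#
	# uncomment this and enter a name to write your own script
	# to use all features of ipchains(8) on 2.2
	# or to use iptables(8) on 2.4
	# rightupdown=whatever_you_want_to_name_the_script
	#
	# if you uncomment neither and remove the rightsubnet= line
	# then the tunnel terminates on the outside of your gateway
	# and the masqueraded subnet is not visible to the remote
	# subnet; they all think they're talking to the gateway
	#
	# try to start the connection
	auto=start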