# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# Gateway-side configuration: RSA-signature authentication with X.509
# certificates, and two connections that accept peers from any address.
#
# NOTE(review): the line structure below was restored from a flattened copy.
# Each commented-out alternative (#leftrsasigkey=, #left=, #leftid=) is assumed
# to be a one-line comment, with the setting after it active. Confirm against
# the deployed file.

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    # NOTE(review): Pluto's "crypt" debug class is enabled here. Set this back
    # to none once troubleshooting is done, so that verbose IKE internals are
    # not left accumulating in the system logs.
    plutodebug=crypt
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
    # One negotiation attempt only.
    keyingtries=1
    # Propose IPComp compression to the peer.
    compress=yes
    # Keep the arrival check on packets emerging from the tunnel.
    disablearrivalcheck=no
    # Peers authenticate with RSA signatures.
    authby=rsasig
    #leftrsasigkey=%cert
    # The peer's public key is taken from the certificate it presents.
    # NOTE(review): both conns below use right=%any and no rightid= is set, so
    # presumably any peer holding a certificate that validates against the
    # locally trusted CAs is accepted. If only specific identities should
    # connect, constrain them with rightid= (verify against the X.509 patch
    # version in use).
    rightrsasigkey=%cert
    #left=%defaultroute
    # Fixed address of this gateway.
    left=193.41.215.131
    # Certificate and matching subject DN this gateway presents to peers.
    leftcert=medesoCert.pem
    leftid="C=se, O=Medeso, CN=firewall.medeso.se, Email=root@medeso.se"
    #leftid="E=root@medeso.se, CN=medeso.se, O=Medeso AB, C=se"
    # Load connections at startup but do not initiate; wait for the peer.
    auto=add
    # Require perfect forward secrecy when keying the connection.
    pfs=yes

# sample VPN connection
# Peer at any address, tunnel terminating on the gateway itself
# (no leftsubnet is given).
conn roadwarior
    right=%any

# Peer at any address, tunnel into the 192.168.38.0/24 network behind the gateway.
conn roadwarior-net
    leftsubnet=192.168.38.0/24
    right=%any