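# /etc/ipsec.conf - FreeS/WAN IPSEC configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file.

# Layout: a section header ("config setup", "conn NAME") starts in column 0;
# every parameter and every comment belonging to the section is indented.
# Collapsing the file onto one line turns everything after the first "#"
# into a comment, so keep one parameter per line.

# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces="ipsec0=eth0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	#uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
	# How persistent to be in (re)keying negotiations (0 means very).
	#keyingtries=0
	# Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
	# Note:  only one test connection at a time can use these parameters!
	# NOTE(review): espenckey/espauthkey below are the published sample values,
	# not secrets, and as %default entries they are inherited by every conn in
	# this file (including "vpn"). A manually keyed tunnel brought up with them
	# offers no confidentiality or integrity. Remove or comment out these four
	# lines on any gateway that carries real traffic.
	# NOTE(review): 3DES with MD5-96 is a legacy suite; confirm it is still
	# acceptable for the traffic this gateway protects.
	spi=0x200
	esp=3des-md5-96
	espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
	espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
	# Give up after a single negotiation attempt.
	keyingtries=1
	# RSA authentication with keys from DNS.
	#authby=rsasig
	#leftrsasigkey=%dns
	#rightrsasigkey=%dns

conn vpn
	type=tunnel
	# Left security gateway, subnet behind it, next hop toward right.
	# NOTE(review): 0.0.0.0 looks like the wildcard "any address" form, so the
	# left peer would be identified only by its RSA key below; confirm that is
	# intended rather than the fixed address kept commented out.
	left=0.0.0.0
	#left=80.59.206.123
	# NOTE(review): empty values presumably fall back to the parameter's
	# default; confirm, or delete the two lines to make that explicit.
	leftsubnet=
	leftnexthop=
	# RSA public key of the left gateway (public material, not a secret).
	leftrsasigkey=0x01038ba589cf112f44c7b60acdc735163d9903fd53cd0ee294176081c09d3117e3ee60e132a18585015f34b2c6f935269131e058dc48eb55de46cc1d9a7fab4275be996901b624d795dec78ceb2131c23cc083ef0e999ad91031d534bded2f1d4f97eddecf99e88b0ed2193384e5b1e3eb88d015a4579d2c9627a5c6e77d6a997f05
	# Right security gateway, subnet behind it, next hop toward left.
	right=200.60.172.33
	# RSA public key of the right gateway (public material, not a secret).
	rightrsasigkey=0x010364467933106e949c834c271cab83ca481eec31deb533db8e9228ba771aebaab83149f2ce1fe7cc2567ed0c5629ef97766df91d21013972dac61d44c16b2826774f46ccc26278710fb247b59e10eaa460a939b6b70dde4ed1eea07a9895e325ce4acdf1a8e85c9a830e08027302d9cd62ea639944ef23d6172c2bb8dc924ab835
	#right=%defaultroute
	rightsubnet=200.60.172.32/27
	rightnexthop=200.60.172.62
	# Authorize this connection, but don't actually start it, at startup.
	# NOTE(review): with auto= left commented out, plutoload=%search and
	# plutostart=%search have nothing to act on for this conn, so it has to be
	# brought up by hand. Make sure that is done with automatic (RSA) keying
	# and not with the manual-keying test parameters from %default.
	#auto=add
	# To use RSA authentication (not legal in US until 20 Sept 2000),
	# uncomment this next line.
	authby=rsasig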