# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=ipsec0=eth0
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=all
	plutodebug=all
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes



# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
	keyingtries=0
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%dnsondemand
	rightrsasigkey=%dnsondemand


# my VPN connection
conn datacenter
	# Left security gateway, subnet behind it, next hop toward right.
	#authby=rsasig
	left=<pulic ip of firewall>
	leftsubnet=10.80.1.0/24
	# Right security gateway, subnet behind it, next hop toward left.
	# this is the ip of my "roadwarrior" laptop...
	right=10.2.1.176
	rightnexthop=10.2.1.1
	# To authorize this connection, but not actually start it, at startup,
	# uncomment this.
	auto=add