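# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
#
# Layout: section headers ("config setup", "conn NAME") start in column 0;
# every parameter line inside a section is indented. Comments are whole
# lines starting with '#'.

# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# NOTE(review): "all" is very verbose and, depending on the FreeS/WAN
	# version, Pluto's debug output can include keying details. Keep "all"
	# only while troubleshooting, restrict who can read the logs, and set
	# both values to "none" for normal operation.
	klipsdebug=all
	plutodebug=all
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
	keyingtries=0
	disablearrivalcheck=no
	# RSA signature authentication with public keys fetched from DNS is the
	# default; the pre-shared-key conns below override authby and blank
	# the *rsasigkey parameters.
	authby=rsasig
	leftrsasigkey=%dns
	rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
	left=%defaultroute
	right=%opportunistic
	keylife=1h
	rekey=no
	# uncomment this next line to enable it
	#auto=route

# sample VPN connection
conn sample
	# Left security gateway, subnet behind it, next hop toward right.
	left=10.0.0.1
	leftsubnet=172.16.0.0/24
	leftnexthop=10.22.33.44
	# Right security gateway, subnet behind it, next hop toward left.
	right=10.12.12.1
	rightsubnet=192.168.0.0/24
	rightnexthop=10.101.102.103
	# To authorize this connection, but not actually start it, at startup,
	# uncomment this.
	#auto=add

# automatic (IKE-keyed) connection to a FreeBSD host using pre-shared keys
conn ipv6-Linux-FreeBSD-psk
	left=3ffe:b80:447:1:204:76ff:feda:1de4
	# Empty values: presumably these blank out the subnet and the %dns RSA
	# key lookup inherited from conn %default, since this is a host-to-host
	# PSK connection - confirm against ipsec.conf(5) for this version.
	leftsubnet=
	leftrsasigkey=
	right=3ffe:b80:447:1::1
	rightsubnet=
	rightrsasigkey=
	# Pre-shared key; the secret itself is read from /etc/ipsec.secrets,
	# which should be readable by root only.
	authby=secret
	keyingtries=2
	ikelifetime=52m
	keylife=30m
	rekeymargin=1m
	rekeyfuzz=25%
	type=transport
	# AH only: packets are authenticated and integrity-protected but NOT
	# encrypted, so payloads remain readable on the wire.
	auth=ah
	connaddrfamily=ipv6
	auto=add

# automatic (IKE-keyed) connection to a FreeBSD host using pre-shared keys
conn ipv4-Linux-FreeBSD-psk
	left=192.168.1.2
	# Empty values: see the note in conn ipv6-Linux-FreeBSD-psk.
	leftsubnet=
	leftrsasigkey=
	right=192.168.1.1
	rightsubnet=
	rightrsasigkey=
	# Pre-shared key; the secret itself is read from /etc/ipsec.secrets,
	# which should be readable by root only.
	authby=secret
	keyingtries=2
	ikelifetime=52m
	keylife=30m
	rekeymargin=1m
	rekeyfuzz=25%
	# AH only: authentication without encryption (no confidentiality).
	auth=ah
	type=transport
	auto=add

# manually keyed connection for authenticated communication with a FreeBSD
# host (kept commented out)
# NOTE(review): manual keying has no IKE negotiation, so the key is never
# refreshed automatically. The ahkey below is a recognisable sample pattern
# and must be replaced with a randomly generated key before this block is
# enabled; hmac-md5-96 is a legacy algorithm choice.
#conn freebsd
	# Connection type (the default is tunnel)
	#type=transport
	# NOTE(review): the active IPv6 conn above uses connaddrfamily=ipv6,
	# this one uses inet6 - confirm which spelling the parser accepts.
	#connaddrfamily=inet6
	# Left security gateway, subnet behind it, next hop toward right.
	# left=%defaultroute
	# leftsubnet=
	# leftnexthop=
	# Right security gateway, subnet behind it, next hop toward left.
	# right=3ffe:b80:447:1::1
	# rightsubnet=
	# rightnexthop=
	# manual SPI configuration
	# spi=0xbb8
	# manual configuration of the AH header and key
	# ah=hmac-md5-96
	# ahkey=0x12345678901234567890123456789012
	# To authorize this connection, but not actually start it, at startup,
	# uncomment this.
	# auto=add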