# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# Read by "ipsec setup" (the config section) and by pluto (the conn sections).
# Layout rules of this format: section headers ("config setup", "conn NAME")
# start in column 0; every parameter line inside a section starts with
# whitespace; "#" to end of line is a comment.
# More elaborate and more varied sample configurations can be found in
# FreeS/WAN's doc/examples file and in the HTML documentation.

# ---------------------------------------------------------------------------
# Basic daemon / kernel configuration
# ---------------------------------------------------------------------------
config setup
	# Interface(s) IPsec is bound to.  THIS SETTING MUST BE CORRECT or
	# almost nothing will work; %defaultroute is fine for most simple
	# single-gateway hosts.  The two alternatives are kept commented out.
	interfaces="ipsec1=eth1"
	#interfaces="ipsec0=eth0"
	#interfaces=%defaultroute
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# NOTE(review): "all" is the troubleshooting setting and sends very
	# verbose KLIPS/pluto negotiation detail to syslog; switch both back
	# to "none" once the tunnels are working.
	klipsdebug=all
	plutodebug=all
	# %search: the auto= parameter of each conn decides what gets loaded
	# and started by "ipsec setup".
	plutoload=%search
	plutostart=%search
	# Tear down an older connection when a new one presents the same ID.
	uniqueids=yes
	# Accept peers behind NAT (UDP-encapsulated ESP).
	nat_traversal=yes

# ---------------------------------------------------------------------------
# Defaults inherited by every conn section below
# (the FreeS/WAN sample warns that these defaults will soon go away)
# ---------------------------------------------------------------------------
conn %default
	# 0 = never give up retrying to establish the connection
	keyingtries=0
	# Keep KLIPS's check that decapsulated packets belong to the tunnel.
	disablearrivalcheck=no
	# RSA-signature authentication unless a conn overrides authby=
	authby=rsasig
	# RSA keys are looked up in DNS on demand unless a conn overrides them
	leftrsasigkey=%dnsondemand
	rightrsasigkey=%dnsondemand

# ---------------------------------------------------------------------------
# Opportunistic encryption (OE): encrypt to anyone whose DNS reverse map
# carries a KEY record; see doc/opportunism.howto.
# Currently inactive because auto=route is commented out.
# ---------------------------------------------------------------------------
conn me-to-anyone
	left=%defaultroute
	right=%opportunistic
	keylife=1h
	rekey=no
	# Initiator-only OE: uncomment leftid= after publishing your key in
	# your forward DNS map.
	#leftid=@myhostname.example.com
	# Uncomment the next line to enable this conn.
	#auto=route

# ---------------------------------------------------------------------------
# Sample gateway-to-gateway VPN (values from the FreeS/WAN template)
# ---------------------------------------------------------------------------
conn sample
	# Left security gateway, subnet behind it, next hop toward right.
	left=10.0.0.1
	leftsubnet=172.16.0.0/24
	leftnexthop=10.22.33.44
	# Right security gateway, subnet behind it, next hop toward left.
	right=10.12.12.1
	rightsubnet=192.168.0.0/24
	rightnexthop=10.101.102.103
	# To authorize this connection at startup without actually starting
	# it, uncomment the next line.
	#auto=add

# ---------------------------------------------------------------------------
# Site-to-site tunnel (the name suggests a Cisco peer), pre-shared-key
# authentication.  The PSK itself lives in /etc/ipsec.secrets, not here.
# ---------------------------------------------------------------------------
conn cisco
	authby=secret
	left=62.219.37.156
	leftsubnet=192.168.1.0/24
	#leftsubnet=192.168.0.0/24
	right=62.219.37.154
	rightsubnet=192.168.0.0/24

# ---------------------------------------------------------------------------
# "maya" tunnels.  Two address planes appear below: the public ("outer")
# 62.219.37.x addresses and the internal ("inner") 192.168.0.x ones.
# The certificate-based conns present the local certificate named in
# leftcert= and verify the peer's certificate (rightrsasigkey=%cert).
# NOTE(review): leftcert= is written as both "Yael.pem" and
# "mycerts/Yael.pem" in different conns; confirm that both resolve to the
# intended certificate.
# ---------------------------------------------------------------------------
conn maya
	# authby= is inherited from %default (rsasig); the PSK variant is kept
	# commented out.
	#authby=secret
	rightrsasigkey=%cert
	leftcert=Yael.pem
	# outer network
	right=62.219.37.157
	left=62.219.37.156
	leftsubnet=192.168.0.0/24

conn maya-in
	#authby=secret
	rightrsasigkey=%cert
	leftcert=Yael.pem
	# inner network
	right=192.168.0.155
	left=192.168.0.162

conn maya2002-in-preshared
	right=192.168.0.155
	# NOTE(review): if right=%any is ever re-enabled together with
	# authby=secret, every peer would have to share one PSK; the
	# certificate-based conn below is the better road-warrior choice.
	#right=%any
	authby=secret
	# inner network
	left=192.168.0.162

# Same endpoints as maya2002-in-preshared but certificate authentication;
# which of the two pluto picks for an incoming negotiation depends on its
# conn matching, so keep only the one that is meant to be active.
conn maya2002-in-cert
	right=192.168.0.155
	#right=%any
	authby=rsasig
	rightrsasigkey=%cert
	leftcert=mycerts/Yael.pem
	# inner network
	# The peer's certificate must carry this identity.
	rightid=jojo@maya-st.com
	left=192.168.0.162
	#auto=add

conn maya2002-out
	authby=secret
	#authby=rsasig
	# presumably unused while authby=secret; they matter once rsasig is
	# re-enabled
	rightrsasigkey=%cert
	leftcert=Yael.pem
	# outer network
	right=62.219.37.157
	left=62.219.37.156
	leftsubnet=192.168.0.0/24

# Road-warrior conn: any peer address, any virtual-host address the peer
# claims (vhost:%all is the broadest rightsubnet= setting).
conn maya2002-out-cert
	right=%any
	rightsubnet=vhost:%all
	# %ike works like %all
	# Earlier, narrower attempts, kept verbatim for reference.  (If the
	# first of these was ever meant as a live directive it would duplicate
	# the rightsubnet= above.)
	#didnot work rightsubnet=vhost:%v4:10.0.0.0/8,%v4:192.118.11.113/32
	#rightsubnetwithin=10.175.0.0/32
	authby=rsasig
	rightrsasigkey=%cert
	leftcert=mycerts/Yael.pem
	# inner network
	rightid=jojo@maya-st.com
	left=62.219.37.156
	# Site-specific updown script, executed with pluto's privileges on
	# every SA change; review it together with this file.
	leftupdown=/usr/local/lib/ipsec/_updown.Maya
	#leftsubnet=192.168.0.0/24
	#auto=add

conn laptop
	authby=rsasig
	rightrsasigkey=%cert
	leftcert=mycerts/Yael.pem
	# inner network
	right=192.168.0.11
	#rightid=jojo@maya-st.com
	left=192.168.0.162
	# Full certificate DN used as the peer identity (quoted because it
	# contains spaces and commas).
	rightid="C=IL, ST=None, O=Maya Software Technologies Ltd, OU=R&D, CN=YaelPlutoTest, E=eyal@maya-st.com"
	#auto=add

# Second road-warrior conn with the same left=, right=%any and rightid=
# as maya2002-out-cert (minus the updown script); which one an incoming
# negotiation lands on depends on pluto's conn matching.
conn benzy
	right=%any
	rightsubnet=vhost:%all
	authby=rsasig
	rightrsasigkey=%cert
	leftcert=mycerts/Yael.pem
	# inner network
	rightid=jojo@maya-st.com
	left=62.219.37.156