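# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
#
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
#
# Layout: a section header ("config setup", "conn NAME") starts in column 0
# and its parameters follow on indented lines. Comments inside a section are
# indented too, and sections are kept free of blank lines, because
# ipsec.conf(5) only promises to ignore empty lines outside a section.
# Address octets shown as "x" are masked on this page and must be replaced
# with real values before the file can be loaded.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # Keep both at none outside troubleshooting; verbose debugging can put
    # negotiation detail into the system log.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    # Left commented out here, so the installed version's default applies.
    # uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    # NOTE(review): all three lines below are commented out, so this file sets
    # no authentication method and every conn uses the installed version's
    # default; on older FreeS/WAN releases that is a pre-shared secret read
    # from /etc/ipsec.secrets (confirm with ipsec.conf(5)). If a shared secret
    # is intended, state it with authby=secret, use a long random value, and
    # keep ipsec.secrets readable by root only.
    # If the RSA lines are re-enabled, %dns accepts whatever key the resolver
    # returns, so authentication is only as trustworthy as the DNS path.
    # authby=rsasig
    #leftrsasigkey=%dns
    #rightrsasigkey=%dns

# example connection
conn de-at
    # LEFT gateway and the subnet behind it
    left=145.xxx.xxx.xx
    leftsubnet=172.xx.0.0/20
    # RIGHT
    right=213.xxx.xx.x
    rightnexthop=213.xxx.xx.x
    rightsubnet=192.168.xx.0/24
    # auto=start is what plutoload/plutostart=%search act on: the connection
    # is loaded and negotiation is initiated when IPsec starts.
    auto=start
    keyexchange=ike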