ipsec.conf

This a good VPN source

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0

config setup
	# put the logs in /tmp for the UMLs, so that we can operate
	# without syslogd, which seems to break on UMLs
	plutostderrlog=/tmp/pluto.log
        plutorestartoncrash=false
	dumpdir=/var/tmp

# only used in x509-pluto-02
conn north-east-x509-pluto-02
        also=eastnet
        also=northnet
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.1.3.33
        leftnexthop=192.1.3.254
        leftrsasigkey=%cert
        leftcert=north.uml.freeswan.org.cert
        leftid="C=CA/ST=Ontario/O=Openswan/CN=north.uml.freeswan.org/Email=north@openswan.org"
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.1.2.23
        rightnexthop=192.1.2.254
        rightid="C=CA/ST=Ontario/O=Openswan/CN=east.uml.freeswan.org/Email=east@openswan.org"
        rightrsasigkey=%cert
        rightcert=east.uml.freeswan.org.cert
        auto=ignore
                                                                                                                                                                                                                
conn northnet
        leftsubnet=192.0.3.0/24

# this is a manual conn, to change the default policy for when there is
# no eroute for a particular src/dst combination. This conn is so that
# we can make west as "promiscuous" (i.e. as insecure) as possible while
# testing east.
# Note: this conflicts with the implicit packetdefault conn
conn let-my-people-go
	type=passthrough
	leftsubnet=0.0.0.0/0
	left=%defaultroute
	rightsubnet=0.0.0.0/0
	right=192.1.2.23
	#auto=manual

include	/etc/ipsec.d/ipsec.conf.common


conn us
	rightsubnet=192.0.3.0/24

conn them
	leftsubnet=192.0.2.0/24