l2tp-cert.conf.in

ipsec vpn

conn l2tp-X.509
	#
	# Configuration for one user with any type of IPsec/L2TP client
	# including the updated Windows 2000/XP (MS KB Q818043), but
	# excluding the non-updated Windows 2000/XP.
	#
	#
	# Use a certificate. Disable Perfect Forward Secrecy.
	#
	authby=rsasig
	pfs=no
	auto=add
        # we cannot rekey for %any, let client rekey
	rekey=no
        # Do not enable the line below. It is implicitely used, and
        # specifying it will currently break when using nat-t.
        # type=transport. See http://bugs.xelerance.com/view.php?id=466
	#
	left=%defaultroute
        # or you can use: left=YourIPAddress
	leftrsasigkey=%cert
	leftcert=/etc/ipsec.d/certs/YourGatewayCertHere.pem
	# For updated Windows 2000/XP clients,
        # to support old clients as well, use leftprotoport=17/%any
	leftprotoport=17/1701
	#
	# The remote user.
	#
	right=%any
	rightca=%same
	rightrsasigkey=%cert
	rightprotoport=17/1701
	rightsubnet=vhost:%priv,%no