config setup
# nat-t activation
nat_traversal=yes
# Debug activation
# plutodebug=control
# global settings
conn %default
# networksettings, timeouts...
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
# roadwarrior part
conn roadwarrior
# authy by cert
authby=rsasig
#
leftrsasigkey=%cert
rightrsasigkey=%cert
#
leftcert=serverCert.pem
auto=add
#
pfs=no
dpddelay=30
dpdtimeout=120
dpdaction=clear
#
left=%defaultroute
#
leftsubnet=192.168.0.0/24
#
right=%any
#
rightsubnetwithin=192.168.2.0/24
#
keyingtries=3
# Oportunistic Encryption not active
include /etc/ipsec.d/examples/no_oe.conf