# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=all
	# Use auto= parameters in conn descriptions to control startup actions.
	manualstart=
	plutoload=%search
	plutostart=%search
	plutowait=no
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes



# defaults for subsequent connection descriptions
conn %default
	keyingtries=0
	keyexchange=ike
	auto=start

conn ccc-aaa
	type=tunnel
        left=ccc.ccc.63.86
        leftsubnet=192.168.0.0/255.255.252.0
        leftnexthop=ccc.ccc.63.81
	right=aaa.aaa.32.78
        rightsubnet=192.168.100.0/255.255.255.0
	rightnexthop=aaa.aaa.32.77
        auto=start
        keyexchange=ike
        pfs=yes
        authby=secret
        auth=esp
        ikelifetime=300s         
        rekeymargin=9s
        rekeyfuzz=0%
        keylife=120s
        esp=3des-md5-96
        keyingtries=0

conn ccc-bbb
	type=tunnel
        left=ccc.ccc.63.86
        leftsubnet=192.168.1.0/255.255.255.0
        leftnexthop=ccc.ccc.63.81
        right=bbb.bbb.13.10
        rightsubnet=192.168.90.0/255.255.255.0
        rightnexthop=bbb.bbb.13.9
        auto=start
        keyexchange=ike
        pfs=yes
        authby=secret
        auth=esp
        ikelifetime=300s
        rekeymargin=9s
        rekeyfuzz=0%
        keylife=120s
        esp=3des-md5-96
        keyingtries=0

conn aaa-ccc-bbb
	type=tunnel
	left=aaa.aaa.32.78
	leftsubnet=192.168.100.0/255.255.255.0
	leftnexthop=aaa.aaa.32.77
	right=ccc.ccc.63.86
	rightsubnet=192.168.90.0/255.255.255.0
	rightnexthop=ccc.ccc.63.81
	auto=start
        keyexchange=ike
        pfs=yes
        authby=secret
        auth=esp
        ikelifetime=300s
        rekeymargin=9s
        rekeyfuzz=0%
        keylife=120s
        esp=3des-md5-96
        keyingtries=0

conn bbb-ccc-aaa
	type=unnel
	left=bbb.bbb.13.10
	leftsubnet=192.168.90.0/255.255.255.0
	leftnexthop=bbb.bbb.13.9
	right=ccc.ccc.63.86
	rightsubnet=192.168.100.0/255.255.255.0
	rightnexthop=ccc.ccc.63.81
	auto=start
        keyexchange=ike
        pfs=yes
        authby=secret
        auth=esp
        ikelifetime=300s
        rekeymargin=9s
        rekeyfuzz=0%
        keylife=120s
        esp=3des-md5-96
        keyingtries=0