# /etc/ipsec.conf - FreeS/WAN IPsec configuration file config setup interfaces="ipsec0=eth0" klipsdebug=none plutodebug=none plutoload=%search plutostart=%search uniqueids=yes nat_traversal=yes overridemtu=1400 conn %default type=tunnel keyingtries=3 ikelifetime=3h keylife=1h disablearrivalcheck=no authby=rsasig esp=aes128 pfs=no auto=add left=aaa.bbb.ccc.ddd leftnexthop=abc.def.ghi.jkl leftid="C=XY,O=XY Org,CN=xy.org.org" leftrsasigkey=%cert leftcert=/etc/ipsec.d/certs/gateway-cert.pem leftupdown=/usr/local/lib/ipsec/_updown.x509 right=%any rightrsasigkey=%cert conn bsd-linux esp=3des leftsubnet=192.168.100.0/24 rightsubnet=192.168.1.0/24 rightid="@/C=XY/O=Other Org/OU=somthing/CN=freebsd.gate.way"