FreeS/WAN IPSec for Linux, OLS 2000, RGB
Common Setup
Contents of /etc/ipsec.conf:
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
interfaces:
- Tells the KLIPS IPSEC code in the Linux kernel which network I/F to use.
- Often, the default will work: interfaces=%defaultroute
- In advanced cases: interfaces="ipsec0=eth0 ipsec1=ppp0"
- Only configured IPSEC I/Fs can be used to communicate with other IPSEC gateways.
If this is not correct, nothing works.
klipsdebug, plutodebug:
- Debugging settings for the KLIPS kernel code and for Pluto, the key and connection negotiation daemon, respectively.
- These can each be set to "none" or to "all" in most circumstances. See the man pages.
plutoload, plutostart:
- Lists of connections to be automatically loaded into memory (plutoload) and negotiated (plutostart) when Pluto starts.
- These can be quoted lists of connection names, but are often set to %search.
- Any connection with auto=add in its connection definition is then loaded, and any connection with auto=start is started.
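How the %search setting resolves against each connection's auto= value, as an added example that is not part of the original slides: the Python below parses an ipsec.conf and reports the interface mapping and which connections Pluto would load and start. The connection names and the sample file are constructed; auto=start is counted as loaded too, since a connection has to be loaded before it can be negotiated.

```python
# Constructed sample: the slide's "config setup" plus three hypothetical conns.
SAMPLE = """\
# basic configuration
config setup
\tinterfaces="ipsec0=eth0 ipsec1=ppp0"
\tklipsdebug=none
\tplutodebug=none
\tplutoload=%search
\tplutostart=%search

conn office-vpn
\tauto=start

conn backup-link
\tauto=add

conn lab-test
\tleft=192.0.2.1
"""

def parse(text):
    """Return {(type, name): {key: value}} for every section in the file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()    # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                # unindented line opens a section
            kind, name = line.split()
            current = sections.setdefault((kind, name), {})
        elif current is not None:               # indented line is key=value
            key, _, value = line.strip().partition("=")
            current[key] = value.strip('"')
    return sections

def startup_plan(text):
    """Resolve interfaces, plutoload and plutostart the way the slide describes."""
    secs = parse(text)
    setup = secs[("config", "setup")]
    # A conn without auto= is left alone at startup (treated here as "ignore").
    conns = {n: s.get("auto", "ignore") for (k, n), s in secs.items() if k == "conn"}
    def resolve(setting, wanted):
        value = setup.get(setting, "")
        if value == "%search":                  # pick conns by their auto= value
            return sorted(n for n, a in conns.items() if a in wanted)
        return value.split()                    # explicit quoted list of names
    ifaces = setup.get("interfaces", "")
    mapping = ifaces if ifaces.startswith("%") else dict(p.split("=") for p in ifaces.split())
    return {"interfaces": mapping,
            "loaded": resolve("plutoload", {"add", "start"}),
            "started": resolve("plutostart", {"start"})}
```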
Last modified by Richard Guy Briggs, Sat Jul 15 07:42:28 EDT 2000.