conn site1-site2
        left=10.22.33.44
        leftnexthop=10.22.33.1
        leftsubnet=172.16.0.0/24
        leftid=@gateway.site1.example.com
        leftrsasigkey=0xfedcba987654321...
        right=10.66.77.88
        rightnexthop=10.66.77.1
        rightsubnet=192.168.0.0/24
        rightid=@gateway.site2.example.com
        rightrsasigkey=0x123456789abcdef...
        auto=start
The network described above looks like this:
        subnet 172.16.0.0/24           =leftsubnet
              |
        interface 172.16.0.something
        left gateway machine
        interface 10.22.33.44          =left
              |
        interface 10.22.33.1           =leftnexthop
        router
        interface we don't know
              |
        INTERNET
              |
        interface we don't know
        router
        interface 10.66.77.1           =rightnexthop
              |
        interface 10.66.77.88          =right
        right gateway machine
        interface 192.168.0.something
              |
        subnet 192.168.0.0/24          =rightsubnet
left: The gateway's external interface, the one it uses to talk to the other gateway.
leftnexthop: Where left should send packets whose destination is right, typically the first router in the appropriate direction.
leftsubnet: Addresses for the machines which left is protecting.
auto: If the config setup section has plutoload=%search, then all connections marked auto=add are loaded when Pluto starts. If the config setup section has plutostart=%search, then all connections marked auto=start are started when Pluto starts.
For each left* parameter, there is a corresponding right* parameter.
The connection can be initiated from the command line from either end with

        ipsec auto --up site1-site2
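Because every left* parameter must have a right* twin and the addresses in the diagram above have to fit together (the next hop on the gateway's external link, the gateway outside its own protected subnet, the two protected subnets not overlapping), it is worth linting a conn section before loading it. The following is an added example, not part of the FreeS/WAN documentation or code: a small Python checker that parses a conn section in ipsec.conf syntax and reports such inconsistencies. The sample configuration embedded in it is constructed for the example (its rsasigkey values are placeholder hex, not real public keys), and the check that the next hop shares the gateway's link assumes a /24 on the external interface, which the conn section itself does not state.

```python
import ipaddress
import re

# Constructed sample: the conn from the page with placeholder (not real) RSA keys.
SAMPLE_CONF = """\
conn site1-site2
        left=10.22.33.44
        leftnexthop=10.22.33.1
        leftsubnet=172.16.0.0/24
        leftid=@gateway.site1.example.com
        leftrsasigkey=0xfedcba9876543210
        right=10.66.77.88
        rightnexthop=10.66.77.1
        rightsubnet=192.168.0.0/24
        rightid=@gateway.site2.example.com
        rightrsasigkey=0x123456789abcdef0
        auto=start
"""

# Values the FreeS/WAN auto= parameter accepts.
AUTO_VALUES = ("add", "route", "start", "ignore")


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section in ipsec.conf text.

    Section headers start in column 1; parameters are indented key=value lines.
    Sections other than 'conn' (e.g. 'config setup') are skipped.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # a section header
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
            continue
        if current is None:
            continue
        key, _, value = line.strip().partition("=")
        current[key.strip()] = value.strip()
    return conns


def check_conn(params, link_prefix=24):
    """Return a list of problems found in one conn's parameters (empty list = OK).

    link_prefix is an assumed prefix length for the gateways' external links,
    used only to sanity-check that each nexthop is on the same link as its gateway.
    """
    problems = []

    # Every left* parameter needs a right* twin, and vice versa.
    for side, other in (("left", "right"), ("right", "left")):
        for key in params:
            if key.startswith(side) and other + key[len(side):] not in params:
                problems.append(f"{key} has no matching {other}{key[len(side):]}")

    subnets = {}
    for side in ("left", "right"):
        try:
            gw = ipaddress.ip_address(params[side])
            hop = ipaddress.ip_address(params[side + "nexthop"])
            net = ipaddress.ip_network(params[side + "subnet"], strict=True)
        except (KeyError, ValueError) as exc:
            problems.append(f"{side}: bad or missing address parameter ({exc})")
            continue
        subnets[side] = net
        # The next hop is the first router towards the peer, so it should sit on
        # the gateway's own external link (assumed /{link_prefix}).
        link = ipaddress.ip_network(f"{gw}/{link_prefix}", strict=False)
        if hop not in link:
            problems.append(f"{side}nexthop {hop} is not on {side}'s link {link}")
        # The external address must not fall inside the subnet it protects.
        if gw in net:
            problems.append(f"{side} {gw} lies inside {side}subnet {net}")
        if not re.fullmatch(r"0x[0-9a-fA-F]+", params.get(side + "rsasigkey", "")):
            problems.append(f"{side}rsasigkey is not a 0x-prefixed hex key")

    # Overlapping protected subnets make the tunnel's selectors ambiguous.
    if len(subnets) == 2 and subnets["left"].overlaps(subnets["right"]):
        problems.append(f"leftsubnet {subnets['left']} overlaps rightsubnet {subnets['right']}")

    if params.get("auto") not in AUTO_VALUES:
        problems.append(f"auto={params.get('auto')!r} is not one of {AUTO_VALUES}")
    return problems


def lint(text):
    """Map every conn name in the text to its list of problems."""
    return {name: check_conn(p) for name, p in parse_conns(text).items()}


if __name__ == "__main__":
    for name, problems in lint(SAMPLE_CONF).items():
        print(name, "OK" if not problems else "\n  " + "\n  ".join(problems))
```

Run against the sample it reports the conn as OK; feed it a copy with `rightnexthop` moved off the gateway's link or with `rightid` deleted and the corresponding problems are listed, which is the kind of mistake that otherwise only shows up as a failed negotiation in the Pluto log.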