[root@Fed14 etc]# cat ipsec.conf
# strongSwan ipsec.conf, one parameter per line. Section headers start in
# column 0 and their parameters are indented; comments inside a section are
# indented too, and no blank line is placed inside a section.

# Global daemon settings. Both IKE daemons are started: pluto (IKEv1) and
# charon (IKEv2). The only connection below uses keyexchange=ikev1.
config setup
    plutostart=yes
    plutodebug=none
    nat_traversal=no
    # uniqueids=no: a peer ID is not kept unique, so a new SA under an
    # already-connected ID does not replace the existing one.
    uniqueids=no
    charonstart=yes
    # NOTE(review): fixed file name in world-writable /tmp, written by a
    # daemon that typically runs as root. Another local user can pre-create
    # or symlink this path, and the log is readable wherever /tmp permissions
    # allow. Prefer a root-owned directory such as /var/log.
    plutostderrlog=/tmp/plutolog.txt
    # Per-subsystem charon log levels; ike, cfg and enc are at 2 (detailed
    # control flow). Levels 3 and 4 add raw dumps and, at 4, key material,
    # so keep production logging at 2 or below.
    charondebug="dmn 1, mgr 1, ike 2, chd 1, job 1, cfg 2, knl 1, net 1, enc 2, lib 1"

# Trust anchor. A relative cacert path is resolved against
# /etc/ipsec.d/cacerts. No crluri/ocspuri is set in this section, so
# revocation checking is not configured here. Confirm whether CRLs are
# supplied some other way.
ca rootca0
    cacert=cacert.pem

# Defaults inherited by every conn section.
conn %default
    # Local end authenticates with this certificate.
    leftcert=/etc/ipsec.d/certs/oms_cert.pem
    # auto=add: load the connection at startup but do not initiate it.
    auto=add
    # pfs=no: Quick Mode runs without a fresh Diffie-Hellman exchange, so the
    # IPsec SA keys are derived from the IKE SA keying material. Exposure of
    # the IKE SA keys then also exposes the ESP traffic keys.
    pfs=no
    # Retry negotiation indefinitely.
    keyingtries=%forever
    forceencaps=no
    # MOBIKE is an IKEv2 feature; presumably irrelevant to the IKEv1
    # connection below.
    mobike=no

# Tunnel between 10.10.10.7 (left, local) and 10.10.10.6 (right, peer).
conn conn502
    type=tunnel
    # NOTE(review): both subnets carry host bits and both are inside
    # 10.10.10.0/24, so left and right selectors describe the same network.
    # If a host-to-host policy is intended, /32 would be expected. Confirm.
    leftsubnet=10.10.10.7/24
    rightsubnet=10.10.10.6/24
    left=10.10.10.7
    right=10.10.10.6
    keyexchange=ikev1
    # reauth controls IKEv2 rekeying behaviour; presumably ignored for IKEv1.
    reauth=no
    # NOTE(review): the trailing '!' makes this the only accepted IKE
    # proposal. 3DES (64-bit block), SHA-1 and the 1024-bit MODP group are all
    # deprecated for new deployments, and strict mode prevents the peers from
    # negotiating anything stronger. If the peer supports it, move to an
    # AES / SHA-2 proposal with a 2048-bit or larger DH group.
    ike=3des-sha1-modp1024!
    ikelifetime=83376s
    # Same weak-algorithm and strict-proposal concern for the ESP SA.
    esp=3des-sha1!
    # Certificate (public-key signature) authentication.
    authby=pubkey
    # NOTE(review): rightid=%any accepts any peer identity whose certificate
    # validates against a trusted CA. Every certificate holder under that CA
    # can therefore authenticate as this peer. Pin rightid to the expected
    # peer subject DN (or set rightcert) to bind the tunnel to one identity.
    rightid=%any
    # IPsec SA lifetime (24 h); longer than ikelifetime above.
    keylife=86400s
    # Dead peer detection: probe every 10 s, declare the peer dead after
    # 120 s without a reply, then renegotiate the connection.
    dpdaction=restart
    dpddelay=10s
    dpdtimeout=120s
    # Rekeying starts 180 s before expiry; the margin is randomly increased
    # by up to 50 % to avoid simultaneous rekeying from both ends.
    rekeyfuzz=50%
    rekeymargin=180s
    # Protocol number 1 is ICMP: the traffic selectors cover ICMP only, so
    # other protocols between these addresses are not protected by this SA.
    leftprotoport=1
    rightprotoport=1