[root@linuxpc2 etc]# cat ipsec.conf config setup plutostart=yes plutodebug=controlmore nat_traversal=no uniqueids=no charonstart=yes plutostderrlog=/tmp/plutolog.txt charondebug="dmn 1, mgr 1, ike 1, chd 1, job 1, cfg 1, knl 1, net 1, enc 1, lib 1" ca rootca0 cacert=cacert.pem auto=start conn %default leftcert=/usr/local/etc/ipsec.d/certs/bts_cert.pem auto=start pfs=no keyingtries=%forever forceencaps=no mobike=no conn conn100 type=tunnel leftsubnet=10.10.10.6/24 rightsubnet=10.10.10.7/24 left=10.10.10.6 right=10.10.10.7 keyexchange=ikev1 reauth=no ike=3des-sha1-modp1024! ikelifetime=83376s esp=3des-sha1! authby=pubkey rightid=%any keylife=300s dpdaction=restart dpddelay=10s dpdtimeout=120s rekeyfuzz=50% rekeymargin=180s leftprotoport=1 rightprotoport=1