ipsec.conf sane defaults - one line defines a tunnel!

    ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.1.2

really means:

    ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.1.2 \
        main auth hmac-sha1 enc aes group modp1024 \
        quick auth hmac-sha2-256 enc aes group modp1024 \
        srcid 192.168.1.1 dstid 192.168.1.2

it makes your life much simpler:

    [puffy] # wc -l /etc/isakmpd/isakmpd.conf.old
    1008 /etc/isakmpd/isakmpd.conf
    [puffy] # wc -l /etc/ipsec.conf
    134 /etc/ipsec.conf
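
The expansion shown above, as an added example (not part of the original slide and not OpenBSD code): a small Python helper that writes out every parameter a one-line ike rule leaves implicit, so the negotiated algorithms can be reviewed. The defaults table is copied from the slide; `expand_ike_rule`, its `local_addr` parameter and the partial-override input in the test are assumptions, and only the `ike ... peer <address>` rule shape with `main`, `quick`, `srcid` and `dstid` options is handled.

```python
# Added example: expand an ipsec.conf "ike ... peer" rule to its explicit form.
# Defaults are the ones shown on the slide; other OpenBSD releases may differ.
PAGE_DEFAULTS = {
    "main": {"auth": "hmac-sha1", "enc": "aes", "group": "modp1024"},
    "quick": {"auth": "hmac-sha2-256", "enc": "aes", "group": "modp1024"},
}
# The one-line rule from the slide.
SLIDE_RULE = "ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.1.2"


def expand_ike_rule(rule, local_addr):
    """Return (explicit_rule, implicit) for a one-line ike rule.

    local_addr (hypothetical parameter) is this gateway's address, which the
    slide shows as the implicit srcid. implicit lists what the rule left unset.
    """
    tokens = rule.split()
    if tokens[:1] != ["ike"] or "peer" not in tokens[:-1]:
        raise ValueError("expected: ike ... peer <address> [options]")
    cut = tokens.index("peer") + 2
    head, tail = tokens[:cut], tokens[cut:]
    phases = {name: dict(vals) for name, vals in PAGE_DEFAULTS.items()}
    ids = {"srcid": local_addr, "dstid": head[-1]}
    implicit = {f"{p} {k}" for p in phases for k in phases[p]} | set(ids)

    phase, i = None, 0
    while i < len(tail):
        tok = tail[i]
        if tok in phases:  # "main" / "quick" opens a transform list
            phase, i = tok, i + 1
            continue
        if i + 1 >= len(tail):
            raise ValueError(f"missing value after {tok!r}")
        if tok in ("auth", "enc", "group") and phase:
            phases[phase][tok] = tail[i + 1]
            implicit.discard(f"{phase} {tok}")
        elif tok in ids:
            ids[tok], phase = tail[i + 1], None
            implicit.discard(tok)
        else:  # lifetime, psk, tag and other options are out of scope here
            raise ValueError(f"unsupported option {tok!r}")
        i += 2

    out = list(head)
    for name in ("main", "quick"):
        out.append(name)
        for key in ("auth", "enc", "group"):
            out += [key, phases[name][key]]
    out += ["srcid", ids["srcid"], "dstid", ids["dstid"]]
    return " ".join(out), sorted(implicit)
```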