conn L2TP-CERT # # Use a certificate. Disable Perfect Forward Secrecy. # authby=rsasig pfs=no left=123.123.123.123 leftnexthop=%defaultroute leftrsasigkey=%cert leftcert=/etc/ipsec.d/ssl/localCERT.pem # # The remote user. # right=%any rightrsasigkey=%cert rightcert=/etc/ipsec.d/ssl/userCERT.pem # # Authorize this connection, and wait for connection from user. # auto=add keyingtries=3