# This is a sample tunnel configuration file. You can put information for
# multiple tunnels into this file, or keep each tunnel in its own file.
# Each configuration file must contain: One and only one Key Directory,
# specified by the "keydir" keyword. Each tunnel is delimited
# by the "tunnel" keyword.
#
# Each tunnel must contain:
# the "tunnel", "local", "remote", "gateway", and "keyfile" keywords.
# local routes and remote routes are optional.
#
# Here's a sample tunnel.conf, explained:
#
# keydir directory
#   Specifies the directory holding the private keys used by the tunneling
#   software. This directory should be mode 0700, owned by root. The
#   private keys contained in this directory, if compromised, will allow
#   an intruder access into the gateway computer, as root. BE VERY CAREFUL
#   WHOM YOU TRUST TO ENTER THIS DIRECTORY!
#
keydir /etc/vps/keys
#
# tunnel tunnelname
#   This keyword denotes the specification of a new tunnel. The tunnel name
#   should either be a single word, or should be double quoted.
#
tunnel sifcon-mountainview
#
# local IP-Address (or FQDN)
#   This keyword denotes the local pseudo-router IP address. This address
#   (or Fully Qualified Domain Name) should be either (a) on the same IP
#   subnet as the local network, or (b) on a separate subnet that is only
#   used by tunnels (recommended).
#
#   This IP address becomes the local side of the encrypted PPP connection
#   and all packets to the remote network use this address as their router.
#
local 192.168.3.2
#
# remote IP-Address (or FQDN)
#   This keyword denotes the remote pseudo-router IP address. This address
#   (or Fully Qualified Domain Name) should be either (a) on the same IP
#   subnet as the remote network, or (b) on a separate subnet that is only
#   used by tunnels (recommended).
#
#   This IP address becomes the remote side of the encrypted PPP connection
#   and all packets from the remote network use this address as their router.
#
remote 192.168.11.1
#
# gateway IP-Address (or FQDN)
#   This keyword denotes the address of the remote gateway machine. The
#   remote gateway machine is the machine that sits on the far end of the
#   internet waiting to set up tunnels with you. This IP address must be
#   a legal, routable IP address.
#
gateway dibona.com
#
# keyfile filename
#   This keyword specifies the private key to be used to initiate the
#   tunnel. This private key is part of a public-private keypair that
#   was generated using the ssh-keygen program. To ensure against
#   man-in-the-middle attacks, you can generate the keypair yourself and
#   append the public key to the ~root/.ssh/authorized_keys file via
#   alternate means (floppy, etc.).
#
keyfile sifcon-mountainview
#
# localroute subnet netmask
#   This keyword allows you to specify additional routes to be added
#   to your machine once the tunnel is brought up. It's a good idea to
#   add the remote network's subnets here, or you won't be able to route
#   to the other side even when the connection is up! :-)
#
localroute 192.168.11.0 255.255.255.0
localroute 192.168.10.0 255.255.255.0
#
# remoteroute subnet netmask
#   This keyword allows you to specify additional routes to be added
#   to the remote machine once the tunnel is brought up. It's a good idea to
#   add the local network's subnets here, or you won't be able to route
#   to the other side even when the connection is up! :-)
#
remoteroute 192.168.3.0 255.255.255.0
remoteroute 192.168.2.0 255.255.255.0
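
# Added example (not part of the original file or of the tunneling software):
# a Python check of the rules stated in the comments above, namely exactly one
# keydir, the required keywords in every tunnel, and a key directory that is
# mode 0700 and owned by root. The function names, and treating '#' as a
# comment anywhere on a line, are assumptions of this sketch.

```python
import os
import shlex
import stat

REQUIRED = ("local", "remote", "gateway", "keyfile")  # per the file's comments
ROUTES = ("localroute", "remoteroute")                 # optional, repeatable

def parse_tunnel_conf(text):
    """Parse tunnel.conf text; return (keydir, tunnels, errors)."""
    keydirs, tunnels, errors, cur = [], [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        try:
            # Drops '#' comments and honours "double quoted" tunnel names.
            words = shlex.split(raw, comments=True)
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "tunnel" and len(args) == 1:
            cur = {"tunnel": args[0], "localroute": [], "remoteroute": []}
            tunnels.append(cur)
        elif key == "keydir" and len(args) == 1:
            keydirs.append(args[0])
        elif key in ROUTES and len(args) == 2 and cur is not None:
            cur[key].append((args[0], args[1]))
        elif key in REQUIRED and len(args) == 1 and cur is not None:
            cur[key] = args[0]
        else:
            errors.append(f"line {n}: bad or misplaced directive {raw.strip()!r}")
    if len(keydirs) != 1:
        errors.append(f"expected exactly one keydir, found {len(keydirs)}")
    for t in tunnels:
        missing = [k for k in REQUIRED if k not in t]
        if missing:
            errors.append(f"tunnel {t['tunnel']}: missing {', '.join(missing)}")
    return (keydirs[0] if keydirs else None), tunnels, errors

def keydir_problems(path):
    """Check the 'mode 0700, owned by root' requirement on the key directory."""
    st = os.lstat(path)  # lstat: a symlinked keydir is reported, not followed
    problems = [] if stat.S_ISDIR(st.st_mode) else ["not a directory"]
    if stat.S_IMODE(st.st_mode) != 0o700:
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o}, expected 0700")
    if st.st_uid != 0:
        problems.append(f"owner uid {st.st_uid}, expected 0 (root)")
    return problems
```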