conn L2TP-CERT
	#
	# Configuration for one user with any type of IPsec/L2TP client
	# including the updated Windows 2000/XP (MS KB Q818043), but
	# excluding the non-updated Windows 2000/XP.
	#
	#
	# Use a certificate. Disable Perfect Forward Secrecy.
	#
	authby=rsasig
	pfs=no
	#
	left=123.123.123.123
	leftrsasigkey=%cert
	leftcert=/etc/ipsec.d/ssl/localCERT.pem
	#
	leftprotoport=17/1701
	#
	# The remote user.
	#
	right=%any
	rightrsasigkey=%cert
	rightcert=/etc/ipsec.d/ssl/userCERT.pem
	rightprotoport=17/1701
	#
	# Change 'ignore' to 'add' to enable the configuration for this user.
	#
	auto=ignore
	keyingtries=3