# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
	plutodebug="control crypt"
	crlcheckinterval=180
	strictcrlpolicy=no

conn %default
	ikelifetime=60m
	keylife=20m
	rekeymargin=3m
	keyingtries=1
	ike=aes192-sha2_384-modp4096!
	esp=aes192-sha2_256!
conn home
	left=192.168.0.100
	leftnexthop=%direct
	leftcert=carolCert.pem
	leftid=carol@strongswan.org
	right=192.168.0.1
	rightsubnet=10.1.0.0/16
	rightid=@moon.strongswan.org
	auto=add